GCVE - cpe:2.3:a:bea:weblogic_server:5.1:sp12:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:bea:weblogic_server:5.1:sp12:*:*:*:*:*:*

part: a version: 5.1 update: sp12

Vendor	Bea (`c4fe31a7-8f48-5c00-b7c2-e6a20391219c`)
Product	Weblogic Server (`ebf23157-7e5f-5cf4-ba69-dda04749aa52`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2008-3257`	vulnerable	2026-06-03 14:28:52.728851	Details available Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request. Published: 2008-07-22T16:00:00.000Z Updated: 2024-08-07T09:28:41.938Z Open on db.gcve.eu Reference links http://www.attrition.org/pipermail/vim/2008-July/002035.html http://www.attrition.org/pipermail/vim/2008-July/002036.html https://www.exploit-db.com/exploits/6089 http://www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2004-2320`	vulnerable	2026-06-03 14:26:47.077088	Details available The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting. Published: 2005-08-16T04:00:00.000Z Updated: 2026-05-28T17:55:12.478Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/14959 http://www.kb.cert.org/vuls/id/867593 http://dev2dev.bea.com/pub/advisory/68 http://www.securityfocus.com/bid/9506 http://secunia.com/advisories/10726	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2002-1030`	vulnerable	2026-06-03 14:26:15.662037	Details available Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections. Published: 2003-04-02T05:00:00.000Z Updated: 2024-08-08T03:12:16.665Z Open on db.gcve.eu Reference links http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0008.html http://www.securityfocus.com/bid/5159 http://www.iss.net/security_center/static/9486.php http://online.securityfocus.com/archive/1/281046 http://dev2dev.bea.com/resourcelibrary/advisoriesdetail.jsp?highlight=advisoriesnotifications&path=components%2Fdev2dev%2Fresourcelibrary%2Fadvisoriesnotifications%2Fadvisory_BEA02-19.htm	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.