GCVE - cpe:2.3:a:bea:weblogic_server:5.1:sp2:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:bea:weblogic_server:5.1:sp2:*:*:*:*:*:*

part: a version: 5.1 update: sp2

Vendor	Bea (`c4fe31a7-8f48-5c00-b7c2-e6a20391219c`)
Product	Weblogic Server (`ebf23157-7e5f-5cf4-ba69-dda04749aa52`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2008-3257`	vulnerable	2026-06-03 14:28:52.729880	Details available Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request. Published: 2008-07-22T16:00:00.000Z Updated: 2024-08-07T09:28:41.938Z Open on db.gcve.eu Reference links http://www.attrition.org/pipermail/vim/2008-July/002035.html http://www.attrition.org/pipermail/vim/2008-July/002036.html https://www.exploit-db.com/exploits/6089 http://www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2004-2320`	vulnerable	2026-06-03 14:26:47.080024	Details available The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting. Published: 2005-08-16T04:00:00.000Z Updated: 2026-05-28T17:55:12.478Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/14959 http://www.kb.cert.org/vuls/id/867593 http://dev2dev.bea.com/pub/advisory/68 http://www.securityfocus.com/bid/9506 http://secunia.com/advisories/10726	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2002-1030`	vulnerable	2026-06-03 14:26:15.663001	Details available Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections. Published: 2003-04-02T05:00:00.000Z Updated: 2024-08-08T03:12:16.665Z Open on db.gcve.eu Reference links http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0008.html http://www.securityfocus.com/bid/5159 http://www.iss.net/security_center/static/9486.php http://online.securityfocus.com/archive/1/281046 http://dev2dev.bea.com/resourcelibrary/advisoriesdetail.jsp?highlight=advisoriesnotifications&path=components%2Fdev2dev%2Fresourcelibrary%2Fadvisoriesnotifications%2Fadvisory_BEA02-19.htm	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2000-1238`	vulnerable	2026-06-03 14:26:00.756459	Details available BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows remote attackers to bypass access controls for restricted JSP or servlet pages via a URL with multiple / (forward slash) characters before the restricted pages. Published: 2005-11-16T21:17:00.000Z Updated: 2024-08-08T05:45:37.536Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/5588 http://www.securityfocus.com/bid/5089 ftp://ftpna.bea.com/pub/releases/patches/SecurityBEA00-0600.zip	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.