GCVE - cpe:2.3:a:bea:weblogic_server:6.1:sp8:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:bea:weblogic_server:6.1:sp8:*:*:*:*:*:*

part: a version: 6.1 update: sp8

Vendor	Bea (`c4fe31a7-8f48-5c00-b7c2-e6a20391219c`)
Product	Weblogic Server (`ebf23157-7e5f-5cf4-ba69-dda04749aa52`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2008-3257`	vulnerable	2026-06-03 14:28:52.740405	Details available Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request. Published: 2008-07-22T16:00:00.000Z Updated: 2024-08-07T09:28:41.938Z Open on db.gcve.eu Reference links http://www.attrition.org/pipermail/vim/2008-July/002035.html http://www.attrition.org/pipermail/vim/2008-July/002036.html https://www.exploit-db.com/exploits/6089 http://www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-4764`	vulnerable	2026-06-03 14:27:14.235258	Details available BEA WebLogic Server and WebLogic Express 9.0, 8.1, and 7.0 lock out the admin user account after multiple incorrect password guesses, which allows remote attackers who know or guess the admin account name to cause a denial of service (blocked admin logins). Published: 2006-04-01T02:00:00.000Z Updated: 2024-09-17T03:43:22.570Z Open on db.gcve.eu Reference links http://dev2dev.bea.com/pub/advisory/155 http://www.securityfocus.com/bid/15052 http://secunia.com/advisories/17138	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-4763`	vulnerable	2026-06-03 14:27:14.233835	Details available BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier, when Internet Inter-ORB Protocol (IIOP) is used, sometimes include a password in an exception message that is sent to a client or stored in a log file, which might allow remote attackers to perform unauthorized actions. Published: 2006-04-01T02:00:00.000Z Updated: 2024-09-16T16:53:44.302Z Open on db.gcve.eu Reference links http://dev2dev.bea.com/pub/advisory/154 http://www.securityfocus.com/bid/15052 http://secunia.com/advisories/17138	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-4750`	vulnerable	2026-06-03 14:27:14.203288	Details available BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier allow remote attackers to cause a denial of service (server thread hang) via unknown attack vectors. Published: 2006-04-01T02:00:00.000Z Updated: 2024-09-16T22:36:34.769Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/15052 http://dev2dev.bea.com/pub/advisory/138 http://secunia.com/advisories/17138	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.