Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
14 vulnerabilities by bea_systems
CVE-2010-2375 (GCVE-0-2010-2375)
Vulnerability from cvelistv5 – Published: 2010-07-13 22:07 – Updated: 2024-08-07 02:32
VLAI
Summary
Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
Date Public
2010-07-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:32:16.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-23T09:00:00.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-2375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2010-2375",
"datePublished": "2010-07-13T22:07:00.000Z",
"dateReserved": "2010-06-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:32:16.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3257 (GCVE-0-2008-3257)
Vulnerability from cvelistv5 – Published: 2008-07-22 16:00 – Updated: 2024-08-07 09:28
VLAI
Summary
Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://www.attrition.org/pipermail/vim/2008-July/… | mailing-listx_refsource_VIM |
| http://www.attrition.org/pipermail/vim/2008-July/… | mailing-listx_refsource_VIM |
| https://www.exploit-db.com/exploits/6089 | exploitx_refsource_EXPLOIT-DB |
| http://www.oracle.com/technology/deploy/security/… | x_refsource_CONFIRM |
| https://support.bea.com/application_content/produ… | x_refsource_CONFIRM |
| http://secunia.com/advisories/31146 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/30273 | vdb-entryx_refsource_BID |
| http://blogs.oracle.com/security/2008/07/security… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id?1020520 | vdb-entryx_refsource_SECTRACK |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.kb.cert.org/vuls/id/716387 | third-party-advisoryx_refsource_CERT-VN |
| http://www.vupen.com/english/advisories/2008/2145… | vdb-entryx_refsource_VUPEN |
Date Public
2008-07-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:28:41.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080717 Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2008-July/002035.html"
},
{
"name": "20080717 Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2008-July/002036.html"
},
{
"name": "6089",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6089"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html"
},
{
"name": "31146",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31146"
},
{
"name": "30273",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30273"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blogs.oracle.com/security/2008/07/security_alert_for_cve-2008-3257_released.html"
},
{
"name": "1020520",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020520"
},
{
"name": "oracle-weblogic-apacheconnector-bo(43885)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43885"
},
{
"name": "VU#716387",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/716387"
},
{
"name": "ADV-2008-2145",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2145/references"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after \"POST /.jsp\" in an HTTP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080717 Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2008-July/002035.html"
},
{
"name": "20080717 Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2008-July/002036.html"
},
{
"name": "6089",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6089"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html"
},
{
"name": "31146",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31146"
},
{
"name": "30273",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30273"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blogs.oracle.com/security/2008/07/security_alert_for_cve-2008-3257_released.html"
},
{
"name": "1020520",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020520"
},
{
"name": "oracle-weblogic-apacheconnector-bo(43885)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43885"
},
{
"name": "VU#716387",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/716387"
},
{
"name": "ADV-2008-2145",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2145/references"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after \"POST /.jsp\" in an HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080717 Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2008-July/002035.html"
},
{
"name": "20080717 Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2008-July/002036.html"
},
{
"name": "6089",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6089"
},
{
"name": "http://www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html"
},
{
"name": "https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html",
"refsource": "CONFIRM",
"url": "https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html"
},
{
"name": "31146",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31146"
},
{
"name": "30273",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30273"
},
{
"name": "http://blogs.oracle.com/security/2008/07/security_alert_for_cve-2008-3257_released.html",
"refsource": "CONFIRM",
"url": "http://blogs.oracle.com/security/2008/07/security_alert_for_cve-2008-3257_released.html"
},
{
"name": "1020520",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020520"
},
{
"name": "oracle-weblogic-apacheconnector-bo(43885)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43885"
},
{
"name": "VU#716387",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/716387"
},
{
"name": "ADV-2008-2145",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2145/references"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3257",
"datePublished": "2008-07-22T16:00:00.000Z",
"dateReserved": "2008-07-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:28:41.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0902 (GCVE-0-2008-0902)
Vulnerability from cvelistv5 – Published: 2008-02-22 21:00 – Updated: 2024-08-07 08:01
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 10.0 MP1 allow remote attackers to inject arbitrary web script or HTML via unspecified samples. NOTE: this might be the same issue as CVE-2007-2694.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://dev2dev.bea.com/pub/advisory/273 | vendor-advisoryx_refsource_BEA |
| http://secunia.com/advisories/29041 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2008/0612… | vdb-entryx_refsource_VUPEN |
Date Public
2008-02-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:40.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "BEA08-80.04",
"tags": [
"vendor-advisory",
"x_refsource_BEA",
"x_transferred"
],
"url": "http://dev2dev.bea.com/pub/advisory/273"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "ADV-2008-0612",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0612/references"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 10.0 MP1 allow remote attackers to inject arbitrary web script or HTML via unspecified samples. NOTE: this might be the same issue as CVE-2007-2694."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-03-11T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "BEA08-80.04",
"tags": [
"vendor-advisory",
"x_refsource_BEA"
],
"url": "http://dev2dev.bea.com/pub/advisory/273"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "ADV-2008-0612",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0612/references"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0902",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 10.0 MP1 allow remote attackers to inject arbitrary web script or HTML via unspecified samples. NOTE: this might be the same issue as CVE-2007-2694."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "BEA08-80.04",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/273"
},
{
"name": "29041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29041"
},
{
"name": "ADV-2008-0612",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0612/references"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0902",
"datePublished": "2008-02-22T21:00:00.000Z",
"dateReserved": "2008-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:01:40.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0904 (GCVE-0-2008-0904)
Vulnerability from cvelistv5 – Published: 2008-02-22 21:00 – Updated: 2024-08-07 08:01
VLAI
Summary
Unspecified vulnerability in the download servlet in BEA Plumtree Collaboration 4.1 through SP2 and AquaLogic Interaction 4.2 through MP1 allows remote attackers to read arbitrary files via a crafted URL.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id?1019437 | vdb-entryx_refsource_SECTRACK |
| http://osvdb.org/41881 | vdb-entryx_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2008/0607… | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/28991 | third-party-advisoryx_refsource_SECUNIA |
| http://dev2dev.bea.com/pub/advisory/276 | vendor-advisoryx_refsource_BEA |
Date Public
2008-02-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:40.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1019437",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019437"
},
{
"name": "41881",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/41881"
},
{
"name": "ADV-2008-0607",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0607/references"
},
{
"name": "28991",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28991"
},
{
"name": "BEA08-200.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA",
"x_transferred"
],
"url": "http://dev2dev.bea.com/pub/advisory/276"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the download servlet in BEA Plumtree Collaboration 4.1 through SP2 and AquaLogic Interaction 4.2 through MP1 allows remote attackers to read arbitrary files via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-03-11T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1019437",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019437"
},
{
"name": "41881",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/41881"
},
{
"name": "ADV-2008-0607",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0607/references"
},
{
"name": "28991",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28991"
},
{
"name": "BEA08-200.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA"
],
"url": "http://dev2dev.bea.com/pub/advisory/276"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0904",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the download servlet in BEA Plumtree Collaboration 4.1 through SP2 and AquaLogic Interaction 4.2 through MP1 allows remote attackers to read arbitrary files via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1019437",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019437"
},
{
"name": "41881",
"refsource": "OSVDB",
"url": "http://osvdb.org/41881"
},
{
"name": "ADV-2008-0607",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0607/references"
},
{
"name": "28991",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28991"
},
{
"name": "BEA08-200.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/276"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0904",
"datePublished": "2008-02-22T21:00:00.000Z",
"dateReserved": "2008-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:01:40.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0900 (GCVE-0-2008-0900)
Vulnerability from cvelistv5 – Published: 2008-02-22 21:00 – Updated: 2024-08-07 08:01
VLAI
Summary
Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id?1019439 | vdb-entryx_refsource_SECTRACK |
| http://dev2dev.bea.com/pub/advisory/270 | vendor-advisoryx_refsource_BEA |
| http://secunia.com/advisories/29041 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2008/0612… | vdb-entryx_refsource_VUPEN |
Date Public
2008-02-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:40.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1019439",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019439"
},
{
"name": "BEA08-196.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA",
"x_transferred"
],
"url": "http://dev2dev.bea.com/pub/advisory/270"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "ADV-2008-0612",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0612/references"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-03-11T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1019439",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019439"
},
{
"name": "BEA08-196.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA"
],
"url": "http://dev2dev.bea.com/pub/advisory/270"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "ADV-2008-0612",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0612/references"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1019439",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019439"
},
{
"name": "BEA08-196.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/270"
},
{
"name": "29041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29041"
},
{
"name": "ADV-2008-0612",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0612/references"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0900",
"datePublished": "2008-02-22T21:00:00.000Z",
"dateReserved": "2008-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:01:40.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0896 (GCVE-0-2008-0896)
Vulnerability from cvelistv5 – Published: 2008-02-22 21:00 – Updated: 2024-08-07 08:01
VLAI
Summary
BEA WebLogic Portal 10.0 and 9.2 through MP1, when an administrator deletes a single instance of a content portlet, removes entitlement policies for other content portlets, which allows attackers to bypass intended access restrictions.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://dev2dev.bea.com/pub/advisory/266 | vendor-advisoryx_refsource_BEA |
| http://www.vupen.com/english/advisories/2008/0613 | vdb-entryx_refsource_VUPEN |
| http://www.securitytracker.com/id?1019453 | vdb-entryx_refsource_SECTRACK |
| http://secunia.com/advisories/29041 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2008-02-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:40.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "BEA08-192.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA",
"x_transferred"
],
"url": "http://dev2dev.bea.com/pub/advisory/266"
},
{
"name": "ADV-2008-0613",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"name": "1019453",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019453"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29041"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "BEA WebLogic Portal 10.0 and 9.2 through MP1, when an administrator deletes a single instance of a content portlet, removes entitlement policies for other content portlets, which allows attackers to bypass intended access restrictions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-03-05T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "BEA08-192.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA"
],
"url": "http://dev2dev.bea.com/pub/advisory/266"
},
{
"name": "ADV-2008-0613",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"name": "1019453",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019453"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29041"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0896",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BEA WebLogic Portal 10.0 and 9.2 through MP1, when an administrator deletes a single instance of a content portlet, removes entitlement policies for other content portlets, which allows attackers to bypass intended access restrictions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "BEA08-192.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/266"
},
{
"name": "ADV-2008-0613",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"name": "1019453",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019453"
},
{
"name": "29041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29041"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0896",
"datePublished": "2008-02-22T21:00:00.000Z",
"dateReserved": "2008-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:01:40.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0901 (GCVE-0-2008-0901)
Vulnerability from cvelistv5 – Published: 2008-02-22 21:00 – Updated: 2024-08-07 08:01
VLAI
Summary
BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://dev2dev.bea.com/pub/advisory/271 | vendor-advisoryx_refsource_BEA |
| http://secunia.com/advisories/29041 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2008/0612… | vdb-entryx_refsource_VUPEN |
| http://www.s21sec.com/avisos/s21sec-040-en.txt | x_refsource_MISC |
| http://www.securitytracker.com/id?1019449 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/archive/1/488686/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2008-02-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:40.056Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "BEA08-197.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA",
"x_transferred"
],
"url": "http://dev2dev.bea.com/pub/advisory/271"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "ADV-2008-0612",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0612/references"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.s21sec.com/avisos/s21sec-040-en.txt"
},
{
"name": "1019449",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019449"
},
{
"name": "20080225 S21SEC-040-en: Infinite invalid authentication attempts possible in BEA WebLogic Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488686/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "BEA08-197.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA"
],
"url": "http://dev2dev.bea.com/pub/advisory/271"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "ADV-2008-0612",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0612/references"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.s21sec.com/avisos/s21sec-040-en.txt"
},
{
"name": "1019449",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019449"
},
{
"name": "20080225 S21SEC-040-en: Infinite invalid authentication attempts possible in BEA WebLogic Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488686/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "BEA08-197.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/271"
},
{
"name": "29041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29041"
},
{
"name": "ADV-2008-0612",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0612/references"
},
{
"name": "http://www.s21sec.com/avisos/s21sec-040-en.txt",
"refsource": "MISC",
"url": "http://www.s21sec.com/avisos/s21sec-040-en.txt"
},
{
"name": "1019449",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019449"
},
{
"name": "20080225 S21SEC-040-en: Infinite invalid authentication attempts possible in BEA WebLogic Server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488686/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0901",
"datePublished": "2008-02-22T21:00:00.000Z",
"dateReserved": "2008-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:01:40.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0903 (GCVE-0-2008-0903)
Vulnerability from cvelistv5 – Published: 2008-02-22 21:00 – Updated: 2024-08-07 08:01
VLAI
Summary
Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and before 9.2 MP3 and 10.0 MP2, allows remote attackers to cause a denial of service (web server crash) via a crafted URL.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://dev2dev.bea.com/pub/advisory/275 | vendor-advisoryx_refsource_BEA |
| http://secunia.com/advisories/29041 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securitytracker.com/id?1019450 | vdb-entryx_refsource_SECTRACK |
| http://www.vupen.com/english/advisories/2008/0608… | vdb-entryx_refsource_VUPEN |
Date Public
2008-02-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:40.046Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "BEA08-199.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA",
"x_transferred"
],
"url": "http://dev2dev.bea.com/pub/advisory/275"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "1019450",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019450"
},
{
"name": "ADV-2008-0608",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0608/references"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and before 9.2 MP3 and 10.0 MP2, allows remote attackers to cause a denial of service (web server crash) via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-03-11T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "BEA08-199.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA"
],
"url": "http://dev2dev.bea.com/pub/advisory/275"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "1019450",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019450"
},
{
"name": "ADV-2008-0608",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0608/references"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0903",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and before 9.2 MP3 and 10.0 MP2, allows remote attackers to cause a denial of service (web server crash) via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "BEA08-199.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/275"
},
{
"name": "29041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29041"
},
{
"name": "1019450",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019450"
},
{
"name": "ADV-2008-0608",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0608/references"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0903",
"datePublished": "2008-02-22T21:00:00.000Z",
"dateReserved": "2008-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:01:40.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0864 (GCVE-0-2008-0864)
Vulnerability from cvelistv5 – Published: 2008-02-21 01:00 – Updated: 2024-08-07 08:01
VLAI
Summary
Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2008/0613 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/29041 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securitytracker.com/id?1019454 | vdb-entryx_refsource_SECTRACK |
| http://dev2dev.bea.com/pub/advisory/256 | vendor-advisoryx_refsource_BEA |
Date Public
2008-02-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:40.100Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-0613",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "1019454",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019454"
},
{
"name": "BEA08-183.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA",
"x_transferred"
],
"url": "http://dev2dev.bea.com/pub/advisory/256"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-03-05T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-0613",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "1019454",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019454"
},
{
"name": "BEA08-183.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA"
],
"url": "http://dev2dev.bea.com/pub/advisory/256"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0864",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-0613",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"name": "29041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29041"
},
{
"name": "1019454",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019454"
},
{
"name": "BEA08-183.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/256"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0864",
"datePublished": "2008-02-21T01:00:00.000Z",
"dateReserved": "2008-02-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:01:40.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0870 (GCVE-0-2008-0870)
Vulnerability from cvelistv5 – Published: 2008-02-21 01:00 – Updated: 2024-08-07 08:01
VLAI
Summary
BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2008/0613 | vdb-entryx_refsource_VUPEN |
| http://dev2dev.bea.com/pub/advisory/264 | vendor-advisoryx_refsource_BEA |
| http://secunia.com/advisories/29041 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securitytracker.com/id?1019442 | vdb-entryx_refsource_SECTRACK |
Date Public
2008-02-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:40.034Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-0613",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"name": "BEA08-190.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA",
"x_transferred"
],
"url": "http://dev2dev.bea.com/pub/advisory/264"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "1019442",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019442"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-03-05T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-0613",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"name": "BEA08-190.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA"
],
"url": "http://dev2dev.bea.com/pub/advisory/264"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "1019442",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019442"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0870",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-0613",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"name": "BEA08-190.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/264"
},
{
"name": "29041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29041"
},
{
"name": "1019442",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019442"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0870",
"datePublished": "2008-02-21T01:00:00.000Z",
"dateReserved": "2008-02-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:01:40.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0867 (GCVE-0-2008-0867)
Vulnerability from cvelistv5 – Published: 2008-02-21 01:00 – Updated: 2024-08-07 08:01
VLAI
Summary
Cross-site scripting (XSS) vulnerability in portal/server.pt in BEA AquaLogic Interaction 6.1 through MP1 and Plumtree Foundation 6.0 through SP1 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/488346/100… | mailing-listx_refsource_BUGTRAQ |
| http://dev2dev.bea.com/pub/advisory/259 | vendor-advisoryx_refsource_BEA |
| http://secunia.com/advisories/29040 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2008/0610 | vdb-entryx_refsource_VUPEN |
| http://www.procheckup.com/Vulnerability_PR06-12.php | x_refsource_MISC |
| http://www.securitytracker.com/id?1019440 | vdb-entryx_refsource_SECTRACK |
Date Public
2008-02-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:40.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080219 PR06-12: XSS on BEA Plumtree Foundation and AquaLogic Interaction portals",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488346/100/100/threaded"
},
{
"name": "BEA08-186.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA",
"x_transferred"
],
"url": "http://dev2dev.bea.com/pub/advisory/259"
},
{
"name": "29040",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29040"
},
{
"name": "ADV-2008-0610",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0610"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.procheckup.com/Vulnerability_PR06-12.php"
},
{
"name": "1019440",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019440"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in portal/server.pt in BEA AquaLogic Interaction 6.1 through MP1 and Plumtree Foundation 6.0 through SP1 allows remote attackers to inject arbitrary web script or HTML via the name parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080219 PR06-12: XSS on BEA Plumtree Foundation and AquaLogic Interaction portals",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488346/100/100/threaded"
},
{
"name": "BEA08-186.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA"
],
"url": "http://dev2dev.bea.com/pub/advisory/259"
},
{
"name": "29040",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29040"
},
{
"name": "ADV-2008-0610",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0610"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.procheckup.com/Vulnerability_PR06-12.php"
},
{
"name": "1019440",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019440"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0867",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in portal/server.pt in BEA AquaLogic Interaction 6.1 through MP1 and Plumtree Foundation 6.0 through SP1 allows remote attackers to inject arbitrary web script or HTML via the name parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080219 PR06-12: XSS on BEA Plumtree Foundation and AquaLogic Interaction portals",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488346/100/100/threaded"
},
{
"name": "BEA08-186.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/259"
},
{
"name": "29040",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29040"
},
{
"name": "ADV-2008-0610",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0610"
},
{
"name": "http://www.procheckup.com/Vulnerability_PR06-12.php",
"refsource": "MISC",
"url": "http://www.procheckup.com/Vulnerability_PR06-12.php"
},
{
"name": "1019440",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019440"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0867",
"datePublished": "2008-02-21T01:00:00.000Z",
"dateReserved": "2008-02-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:01:40.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0869 (GCVE-0-2008-0869)
Vulnerability from cvelistv5 – Published: 2008-02-21 01:00 – Updated: 2024-08-07 08:01
VLAI
Summary
Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id?1019438 | vdb-entryx_refsource_SECTRACK |
| http://dev2dev.bea.com/pub/advisory/263 | vendor-advisoryx_refsource_BEA |
| http://secunia.com/advisories/29041 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2008/0612… | vdb-entryx_refsource_VUPEN |
| http://www.vupen.com/english/advisories/2008/0611 | vdb-entryx_refsource_VUPEN |
Date Public
2008-02-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:39.719Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1019438",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019438"
},
{
"name": "BEA08-189.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA",
"x_transferred"
],
"url": "http://dev2dev.bea.com/pub/advisory/263"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "ADV-2008-0612",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0612/references"
},
{
"name": "ADV-2008-0611",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0611"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a \"framework defined request parameter\" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-03-11T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1019438",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019438"
},
{
"name": "BEA08-189.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA"
],
"url": "http://dev2dev.bea.com/pub/advisory/263"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "ADV-2008-0612",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0612/references"
},
{
"name": "ADV-2008-0611",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0611"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a \"framework defined request parameter\" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1019438",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019438"
},
{
"name": "BEA08-189.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/263"
},
{
"name": "29041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29041"
},
{
"name": "ADV-2008-0612",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0612/references"
},
{
"name": "ADV-2008-0611",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0611"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0869",
"datePublished": "2008-02-21T01:00:00.000Z",
"dateReserved": "2008-02-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:01:39.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0868 (GCVE-0-2008-0868)
Vulnerability from cvelistv5 – Published: 2008-02-21 01:00 – Updated: 2024-08-07 08:01
VLAI
Summary
Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 1 allows remote authenticated users to inject arbitrary web script or HTML via unknown vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id?1019452 | vdb-entryx_refsource_SECTRACK |
| http://www.vupen.com/english/advisories/2008/0613 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/29041 | third-party-advisoryx_refsource_SECUNIA |
| http://dev2dev.bea.com/pub/advisory/261 | vendor-advisoryx_refsource_BEA |
Date Public
2008-02-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:39.768Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1019452",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019452"
},
{
"name": "ADV-2008-0613",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "BEA08-188.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA",
"x_transferred"
],
"url": "http://dev2dev.bea.com/pub/advisory/261"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 1 allows remote authenticated users to inject arbitrary web script or HTML via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-03-05T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1019452",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019452"
},
{
"name": "ADV-2008-0613",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "BEA08-188.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA"
],
"url": "http://dev2dev.bea.com/pub/advisory/261"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 1 allows remote authenticated users to inject arbitrary web script or HTML via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1019452",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019452"
},
{
"name": "ADV-2008-0613",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"name": "29041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29041"
},
{
"name": "BEA08-188.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/261"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0868",
"datePublished": "2008-02-21T01:00:00.000Z",
"dateReserved": "2008-02-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:01:39.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0865 (GCVE-0-2008-0865)
Vulnerability from cvelistv5 – Published: 2008-02-21 01:00 – Updated: 2024-08-07 08:01
VLAI
Summary
Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP portlet via unknown vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://dev2dev.bea.com/pub/advisory/257 | vendor-advisoryx_refsource_BEA |
| http://www.vupen.com/english/advisories/2008/0613 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/29041 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securitytracker.com/id?1019451 | vdb-entryx_refsource_SECTRACK |
Date Public
2008-02-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:40.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "BEA08-184.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA",
"x_transferred"
],
"url": "http://dev2dev.bea.com/pub/advisory/257"
},
{
"name": "ADV-2008-0613",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "1019451",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019451"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP portlet via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-03-05T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "BEA08-184.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA"
],
"url": "http://dev2dev.bea.com/pub/advisory/257"
},
{
"name": "ADV-2008-0613",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "1019451",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019451"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0865",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP portlet via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "BEA08-184.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/257"
},
{
"name": "ADV-2008-0613",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"name": "29041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29041"
},
{
"name": "1019451",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019451"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0865",
"datePublished": "2008-02-21T01:00:00.000Z",
"dateReserved": "2008-02-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:01:40.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}