Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
BEA WebLogic多个远程安全漏洞
Vulnerability Description
BEA Systems WebLogic包含多种应用系统集成方案,包括Server/Express/Integration等。 BEA WebLogic中存在多个安全漏洞,恶意用户可能泄露敏感信息、绕过某些安全限制、执行跨站脚本攻击、暴力猜测管理员口令或导致拒绝服务。 1) WebLogic Server和WebLogic Express没有正确过滤某些参数的输入,导致在用户浏览器会话中执行任意HTML和脚本代码。 2) 如果配置了SecureProxy参数的话,在HttpClusterServlet和H
CVSS Information
N/A
Vulnerability Type
N/A