BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, do not properly "constrain" a "/" (slash) servlet root URL pattern, which might allow remote attackers to bypass intended servlet protections.
References
Link | Resource |
---|---|
http://dev2dev.bea.com/pub/advisory/147 | Patch Vendor Advisory |
http://www.securityfocus.com/bid/15052 | Third Party Advisory VDB Entry |
http://secunia.com/advisories/17138 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2005-12-30 21:00
Updated : 2018-09-27 14:38
NVD link : CVE-2005-4757
Mitre link : CVE-2005-4757
JSON object : View
CWE
Products Affected
bea
- weblogic_server