CVE-2000-1238
published 2000-12-31CVE-2000-1238: BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows remote attackers to bypass access controls for restricted JSP or servlet pages via a URL…
PriorityP424high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
2.73%
84.2th percentile
BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows remote attackers to bypass access controls for restricted JSP or servlet pages via a URL with multiple / (forward slash) characters before the restricted pages.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bea | weblogic_server | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
ftp://ftpna.bea.com/pub/releases/patches/SecurityBEA00-0600.ziphttp://www.securityfocus.com/bid/5089https://exchange.xforce.ibmcloud.com/vulnerabilities/5588ftp://ftpna.bea.com/pub/releases/patches/SecurityBEA00-0600.ziphttp://www.securityfocus.com/bid/5089https://exchange.xforce.ibmcloud.com/vulnerabilities/5588
2000-12-31
Published