CVE-2000-1238Weblogic Server vulnerability

3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.6%
top 30.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
BEA Weblogic Server
Timeline
PublishedDec 31
Latest updateMay 3

Description

BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows remote attackers to bypass access controls for restricted JSP or servlet pages via a URL with multiple / (forward slash) characters before the restricted pages.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

Patches

Patch: ftpna.bea.comPatch: www.securityfocus.comPatch: ftpna.bea.com

🔴Vulnerability Details

2
GHSA
GHSA-p2gc-6r4p-xp97: BEA Systems WebLogic Express and WebLogic Server 52022-05-03
CVEList
CVE-2000-1238: BEA Systems WebLogic Express and WebLogic Server 52005-11-16
CVE-2000-1238 — BEA Weblogic Server vulnerability | cvebase