CVE-2002-0106
Published 2002-03-25
CVE-2002-0106: BEA Systems Weblogic Server 6.1 allows remote attackers to cause a denial of service via a series of requests to .JSP files that contain an MS-DOS device name.
Priority P4 · 22 · medium · 5 · CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 7.09% (93.4th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bea | weblogic_server | — | — |
No detection rules found.
No writeups or analysis indexed.
CWE-67: Improper Handling of Windows Device Names
mitre_cwe · CVSS 5.0 · [MEDIUM]
The product constructs pathnames from user input, but it does not handle or incorrectly handles a pathname containing a Windows device name such as AUX or CON. This typically leads to denial of service or an information exposure when the application attempts to process the pathname as a regular file.
Not properly handling virtual filenames (e.g. AUX, CON, PRN, COM1, LPT1) can result in different types of vulnerabilities. In some cases an attacker can request a device via injection of a virtual filename in a URL, which may cause an error that leads to a denial of service or an error page that reveals sensitive information. A product that allows device names to bypass filtering runs the risk of an attacker injecting malicious code in a file
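A request-path check for the weakness described above, as an added example that is not part of this record or of any BEA code. The function names and sample paths are constructed for illustration, and the device list extends the names given in the text with NUL and the remaining COM/LPT ports.

```python
import re
from urllib.parse import unquote

# Reserved DOS device names. The text lists AUX, CON, PRN, COM1 and LPT1 as
# examples; NUL and the other COM/LPT ports are added from the Windows
# file-naming rules.
_DEVICES = {"CON", "PRN", "AUX", "NUL"}
_DEVICES |= {f"COM{n}" for n in range(1, 10)} | {f"LPT{n}" for n in range(1, 10)}


def device_name_of(segment):
    """Return the device a path segment resolves to on Windows, or None."""
    # Trailing dots and spaces are ignored, and so is anything after the
    # first '.' or ':', so "aux.jsp", "AUX ." and "aux:" all mean AUX.
    base = re.split(r"[.:]", segment.rstrip(". "), maxsplit=1)[0]
    base = base.rstrip(" ").upper()
    return base if base in _DEVICES else None


def find_device_segments(raw_path, max_decodes=3):
    """Return [(segment, device)] for every URL path segment naming a device."""
    path = raw_path.split("?", 1)[0]          # drop the query string
    # Decode repeatedly so a double-encoded name (%2561ux) is still caught.
    for _ in range(max_decodes):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    hits = []
    for seg in re.split(r"[/\\]", path):      # accept both separators
        dev = device_name_of(seg)
        if dev:
            hits.append((seg, dev))
    return hits


# Constructed sample request paths (not taken from any real log).
SAMPLES = ["/index.jsp", "/app/aux.jsp", "/app/CoM1.JSP",
           "/app/%2561ux.jsp", "/app/console.jsp", "/docs/lpt10.jsp"]

if __name__ == "__main__":
    for p in SAMPLES:
        hits = find_device_segments(p)
        print("REJECT" if hits else "ok    ", p, hits)
```

Rejecting on any hit before the path reaches file-system code keeps the server from opening a device as if it were a regular file.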
CWE-66: Improper Handling of File Names that Identify Virtual Resources
mitre_cwe
The product does not handle or incorrectly handles a file name that identifies a "virtual" resource that is not directly specified within the directory that is associated with the file name, causing the product to perform file-based operations on a resource that is not a file.
Virtual file names are represented like normal file names, but they are effectively aliases for other resources that do not behave like normal files. Depending on their functionality, they could be alternate entities. They are not necessarily listed in directories.
Modes of Introduction:
Phase: Implementation
Phase: Operation
Common Consequences:
Scope: Other. Impact: Other.
Detection Methods:
Automated Static Analysis - Binary or Bytecode:
Published: 2002-03-25