CVE-2002-2142 — Weblogic Integration vulnerability

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.5%

top 33.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

BEA Weblogic Integration BEA Weblogic Server

Timeline

PublishedDec 31

Latest updateApr 30

Description

An undocumented extension for the Servlet mappings in the Servlet 2.3 specification, when upgrading to WebLogic Server and Express 7.0 Service Pack 1 from BEA WebLogic Server and Express 6.0 through 7.0.0.1, does not prepend a "/" character in certain URL patterns, which prevents the proper enforcement of role mappings and policies in applications that use the extension.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDbea/weblogic_server4 versions+3

▶NVDbea/weblogic_integration7.0

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-vx4p-89g5-6935: An undocumented extension for the Servlet mappings in the Servlet 2↗2022-04-30

▶

CVEList

CVE-2002-2142: An undocumented extension for the Servlet mappings in the Servlet 2↗2005-11-16

▶