CVE-2004-0711 — Weblogic Server vulnerability

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.7%

top 27.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

BEA Weblogic Server

Timeline

PublishedJul 27

Latest updateApr 29

Description

The URL pattern matching feature in BEA WebLogic Server 6.x matches illegal patterns ending in "*" as wildcards as if they were the legal "/*" pattern, which could cause WebLogic 7.x to allow remote attackers to bypass intended access restrictions because the illegal patterns are properly rejected.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDbea/weblogic_server7.0, 8.1+1

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-4799-f54j-42m9: The URL pattern matching feature in BEA WebLogic Server 6↗2022-04-29

▶

CVEList

CVE-2004-0711: The URL pattern matching feature in BEA WebLogic Server 6↗2004-07-21

▶