CVE-2005-4757Weblogic Server vulnerability

3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.2%
top 54.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
BEA Weblogic Server
Timeline
PublishedDec 31
Latest updateMay 1

Description

BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, do not properly "constrain" a "/" (slash) servlet root URL pattern, which might allow remote attackers to bypass intended servlet protections.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDbea/weblogic_server7.0, 8.1+1

Patches

Patch: dev2dev.bea.comPatch: dev2dev.bea.com

🔴Vulnerability Details

2
GHSA
GHSA-jcg8-68f4-v6r7: BEA WebLogic Server and WebLogic Express 82022-05-01
CVEList
CVE-2005-4757: BEA WebLogic Server and WebLogic Express 82006-04-01
CVE-2005-4757 — BEA Weblogic Server vulnerability | cvebase