CVE-2004-0711 in WebLogicinfo

Summary

The URL pattern matching feature in BEA WebLogic Server 6.x matches illegal patterns ending in "*" as wildcards as if they were the legal "/*" pattern, which could cause WebLogic 7.x to allow remote attackers to bypass intended access restrictions because the illegal patterns are properly rejected.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservation

07/20/2004

Disclosure

07/27/2004

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
624	BEA WebLogic URL Filter * privileges management	269	Proof-of-Concept	Official fix	CVE-2004-0711

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PreviousOverviewNext ▸

Do you need the next level of professionalism?

Upgrade your account now!