Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2004-0711
Last Modified 05 Sep 2008 04:39:11
Published 27 Jul 2004 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0711

Summary

The URL pattern matching feature in BEA WebLogic Server 6.x matches illegal patterns ending in "*" as wildcards as if they were the legal "/*" pattern, which could cause WebLogic 7.x to allow remote attackers to bypass intended access restrictions because the illegal patterns are properly rejected.

Vulnerable Systems

Application

  • BEA WebLogic Server 7.0

  • BEA WebLogic Server 8.1


References

CERT-VN - VU#184558

BID - 10184

XF - weblogic-urlpattern-obtain-information(15927)

CONFIRM - http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_56.00.jsp


Last Updated: 27 May 2016 10:38:43