CVE Vulnerabilities

CVE-2002-2142

Published: Dec 31, 2002 | Modified: Sep 10, 2008
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

An undocumented extension for the Servlet mappings in the Servlet 2.3 specification, when upgrading to WebLogic Server and Express 7.0 Service Pack 1 from BEA WebLogic Server and Express 6.0 through 7.0.0.1, does not prepend a / character in certain URL patterns, which prevents the proper enforcement of role mappings and policies in applications that use the extension.

Affected Software

Name Vendor Start Version End Version
Weblogic_server Bea 6.1 6.1
Weblogic_server Bea 7.0 7.0
Weblogic_server Bea 6.0 6.0
Weblogic_server Bea 7.0.0.1 7.0.0.1
Weblogic_server Bea 6.0 6.0
Weblogic_server Bea 6.1 6.1
Weblogic_server Bea 7.0.0.1 7.0.0.1
Weblogic_integration Bea 7.0 7.0
Weblogic_integration Bea 7.0 7.0
Weblogic_server Bea 7.0 7.0

References