The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE argument.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Tuxedo | Bea | 6.3 (including) | 6.3 (including) |
Tuxedo | Bea | 6.4 (including) | 6.4 (including) |
Tuxedo | Bea | 6.5 (including) | 6.5 (including) |
Tuxedo | Bea | 7.1 (including) | 7.1 (including) |
Tuxedo | Bea | 8.0 (including) | 8.0 (including) |
Tuxedo | Bea | 8.1 (including) | 8.1 (including) |
Weblogic_server | Bea | 4.2 (including) | 4.2 (including) |
Weblogic_server | Bea | 5.0.1 (including) | 5.0.1 (including) |
Weblogic_server | Bea | 5.1 (including) | 5.1 (including) |