The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE argument.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Tuxedo | Bea | 6.3 | 6.3 |
Tuxedo | Bea | 6.4 | 6.4 |
Tuxedo | Bea | 6.5 | 6.5 |
Tuxedo | Bea | 7.1 | 7.1 |
Tuxedo | Bea | 8.0 | 8.0 |
Tuxedo | Bea | 8.1 | 8.1 |
Weblogic_server | Bea | 4.2 | 4.2 |
Weblogic_server | Bea | 5.0.1 | 5.0.1 |
Weblogic_server | Bea | 5.1 | 5.1 |