The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to cause a denial of service (hang) via pathname arguments that contain MS-DOS device names such as CON and AUX.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Tuxedo | Bea | 6.3 (including) | 6.3 (including) |
Tuxedo | Bea | 6.4 (including) | 6.4 (including) |
Tuxedo | Bea | 6.5 (including) | 6.5 (including) |
Tuxedo | Bea | 7.1 (including) | 7.1 (including) |
Tuxedo | Bea | 8.0 (including) | 8.0 (including) |
Tuxedo | Bea | 8.1 (including) | 8.1 (including) |
Weblogic_server | Bea | 4.2 (including) | 4.2 (including) |
Weblogic_server | Bea | 5.0.1 (including) | 5.0.1 (including) |
Weblogic_server | Bea | 5.1 (including) | 5.1 (including) |