The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to cause a denial of service (hang) via pathname arguments that contain MS-DOS device names such as CON and AUX.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Tuxedo | Bea | 6.3 | 6.3 |
Tuxedo | Bea | 6.4 | 6.4 |
Tuxedo | Bea | 6.5 | 6.5 |
Tuxedo | Bea | 7.1 | 7.1 |
Tuxedo | Bea | 8.0 | 8.0 |
Tuxedo | Bea | 8.1 | 8.1 |
Weblogic_server | Bea | 4.2 | 4.2 |
Weblogic_server | Bea | 5.0.1 | 5.0.1 |
Weblogic_server | Bea | 5.1 | 5.1 |