The URL pattern matching feature in BEA WebLogic Server 6.x matches illegal patterns ending in * as wildcards as if they were the legal /* pattern, which could cause WebLogic 7.x to allow remote attackers to bypass intended access restrictions because the illegal patterns are properly rejected.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Weblogic_server | Bea | 7.0 (including) | 7.0 (including) |
Weblogic_server | Bea | 7.0-sp1 (including) | 7.0-sp1 (including) |
Weblogic_server | Bea | 7.0-sp2 (including) | 7.0-sp2 (including) |
Weblogic_server | Bea | 7.0-sp3 (including) | 7.0-sp3 (including) |
Weblogic_server | Bea | 7.0-sp4 (including) | 7.0-sp4 (including) |
Weblogic_server | Bea | 8.1 (including) | 8.1 (including) |
Weblogic_server | Bea | 8.1-sp1 (including) | 8.1-sp1 (including) |