Vulnerabilities > CVE-2000-1238 - Unspecified vulnerability in BEA Weblogic Server 5.1

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

bea

NVD

Published: 2000-12-31

Updated: 2017-07-11

Summary

BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows remote attackers to bypass access controls for restricted JSP or servlet pages via a URL with multiple / (forward slash) characters before the restricted pages. This vulnerability is addressed in the following product releases: BEA Systems Weblogic Server 5.1 SP 7 BEA Systems WebLogic Express 5.1 SP 7

Vulnerable Configurations

Part	Description	Count
Application	Bea BEA Weblogic Server 5.1	14

References

ftp://ftpna.bea.com/pub/releases/patches/SecurityBEA00-0600.zip
http://www.securityfocus.com/bid/5089
https://exchange.xforce.ibmcloud.com/vulnerabilities/5588