Vulnerability Details CVE-2004-0711
The URL pattern matching feature in BEA WebLogic Server 6.x matches illegal patterns ending in "*" as wildcards as if they were the legal "/*" pattern, which could cause WebLogic 7.x to allow remote attackers to bypass intended access restrictions because the illegal patterns are properly rejected.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.7%
CVSS Severity
CVSS v2 Score 7.5
References
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_56.00.jsp
- http://www.kb.cert.org/vuls/id/184558
- http://www.securityfocus.com/bid/10184
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15927
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_56.00.jsp
- http://www.kb.cert.org/vuls/id/184558
- http://www.securityfocus.com/bid/10184
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15927
Products affected by CVE-2004-0711
-
cpe:2.3:a:bea:weblogic_server:7.0
-
cpe:2.3:a:bea:weblogic_server:8.1