CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2005-4757

BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, do not properly "constrain" a "/" (slash) servlet root URL pattern, which might allow remote attackers to bypass intended servlet protections.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.011

EPSS Ranking 76.7%

CVSS Severity

CVSS v2 Score 7.5

References

http://dev2dev.bea.com/pub/advisory/147
http://secunia.com/advisories/17138
http://www.securityfocus.com/bid/15052
http://dev2dev.bea.com/pub/advisory/147
http://secunia.com/advisories/17138
http://www.securityfocus.com/bid/15052

Products affected by CVE-2005-4757

Bea » Weblogic Server » Version: 7.0

cpe:2.3:a:bea:weblogic_server:7.0
Bea » Weblogic Server » Version: 8.1

cpe:2.3:a:bea:weblogic_server:8.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2005-4757

Products

Pricing

Contact Us