Lucene search

K
cve[email protected]CVE-2000-1238
HistoryNov 16, 2005 - 9:17 p.m.

CVE-2000-1238

2005-11-1621:17:00
web.nvd.nist.gov
24
cve-2000-1238
bea systems
weblogic server
access controls
remote attacks
jsp
servlet pages

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

Low

EPSS

0.005

Percentile

76.9%

BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows remote attackers to bypass access controls for restricted JSP or servlet pages via a URL with multiple / (forward slash) characters before the restricted pages.

Affected configurations

NVD
Node
beaweblogic_serverMatch5.1
OR
beaweblogic_serverMatch5.1express
OR
beaweblogic_serverMatch5.1sp1
OR
beaweblogic_serverMatch5.1sp1express
OR
beaweblogic_serverMatch5.1sp2
OR
beaweblogic_serverMatch5.1sp2express
OR
beaweblogic_serverMatch5.1sp3
OR
beaweblogic_serverMatch5.1sp3express
OR
beaweblogic_serverMatch5.1sp4
OR
beaweblogic_serverMatch5.1sp4express
OR
beaweblogic_serverMatch5.1sp5
OR
beaweblogic_serverMatch5.1sp5express
OR
beaweblogic_serverMatch5.1sp6
OR
beaweblogic_serverMatch5.1sp6express
VendorProductVersionCPE
beaweblogic_server5.1cpe:/a:bea:weblogic_server:5.1:sp1::
beaweblogic_server5.1cpe:/a:bea:weblogic_server:5.1:sp4::
beaweblogic_server5.1cpe:/a:bea:weblogic_server:5.1:sp3::
beaweblogic_server5.1cpe:/a:bea:weblogic_server:5.1:::
beaweblogic_server5.1cpe:/a:bea:weblogic_server:5.1:sp2::
beaweblogic_server5.1cpe:/a:bea:weblogic_server:5.1:sp6::
beaweblogic_server5.1cpe:/a:bea:weblogic_server:5.1:sp5::

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

Low

EPSS

0.005

Percentile

76.9%

Related for CVE-2000-1238