Lucene search

[email protected]CVE-2002-2142

HistoryDec 31, 2002 - 5:00 a.m.

CVE-2002-2142

2002-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2002-2142

undocumented extension

servlet mappings

weblogic server

bea

vulnerability

7.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

71.2%

JSON

An undocumented extension for the Servlet mappings in the Servlet 2.3 specification, when upgrading to WebLogic Server and Express 7.0 Service Pack 1 from BEA WebLogic Server and Express 6.0 through 7.0.0.1, does not prepend a “/” character in certain URL patterns, which prevents the proper enforcement of role mappings and policies in applications that use the extension.

CPENameOperatorVersion
bea:weblogic_serverbea weblogic servereq6.1
bea:weblogic_serverbea weblogic servereq7.0
bea:weblogic_serverbea weblogic servereq6.0
bea:weblogic_serverbea weblogic servereq7.0.0.1
bea:weblogic_integrationbea weblogic integrationeq7.0

CPE	Name	Operator	Version
bea:weblogic_server	bea weblogic server	eq	6.1
bea:weblogic_server	bea weblogic server	eq	7.0
bea:weblogic_server	bea weblogic server	eq	6.0
bea:weblogic_server	bea weblogic server	eq	7.0.0.1
bea:weblogic_integration	bea weblogic integration	eq	7.0

References

dev2dev.bea.com/pub/advisory/3

www.iss.net/security_center/static/10392.php

www.securityfocus.com/bid/5971

7.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

71.2%

JSON

Related for CVE-2002-2142

cvelist1