CVE-2010-2375
Oracle WebLogic Server Plug-in HTTP Injection (CVE-2010-2375) affects the WebLogic web-server plugins for Apache, Sun, and IIS; the vulnerability arises because the plugin fails to sanitize certain URL-encoded headers before forwarding requests to WebLogic, enabling unauthenticated remote attacke...