BEA WebLogic Server and WebLogic Express 8.1 SP3 and previous versions, and 7.0 SP5 and previous versions, do not properly "constrain" a "/" (slash) servlet root URL pattern, which might allow remote malicious users to bypass intended servlet protections.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bea weblogic server 8.1 |
||
bea weblogic server 7.0 |