Back to search
CVE-2002-2142
Published: Nov 16, 2005
Modified: Aug 8, 2024
PUBLISHED
Description
An undocumented extension for the Servlet mappings in the Servlet 2.3 specification, when upgrading to WebLogic Server and Express 7.0 Service Pack 1 from BEA WebLogic Server and Express 6.0 through 7.0.0.1, does not prepend a "/" character in certain URL patterns, which prevents the proper enforcement of role mappings and policies in applications that use the extension.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
weblogic-security-policy-ignored(10392)
vdb-entry
x_refsource_XF
5971
vdb-entry
x_refsource_BID
BEA02-22.00
vendor-advisory
x_refsource_BEA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now