CVE-2004-0711

Name of the Vulnerable Software and Affected Versions BEA WebLogic Server versions 6.x through 7.x

Description The issue concerns the URL pattern matching feature in the affected software, which improperly handles certain patterns. Specifically, it treats illegal patterns ending in "" as wildcards, similar to the legal "/" pattern. This could allow remote attackers to bypass intended access restrictions because the illegal patterns are not properly rejected.

Recommendations For BEA WebLogic Server versions 6.x through 7.x, update the URL pattern matching feature to properly reject illegal patterns ending in "*" to prevent bypassing of access restrictions.