CVE-2000-1238

Name of the Vulnerable Software and Affected Versions BEA Systems WebLogic Express and WebLogic Server versions 5.1 SP1 through 5.1 SP6

Description The issue allows remote attackers to bypass access controls for restricted JSP or servlet pages by using a URL with multiple / (forward slash) characters before the restricted pages.

Recommendations For versions 5.1 SP1 through 5.1 SP6, consider restricting access to sensitive JSP or servlet pages until a fix is available. As a temporary workaround, review and modify URL handling mechanisms to prevent bypassing of access controls via multiple / characters.