CVE-2000-1238
BEA Systems WebLogic Express & WebLogic Server <5.1.6 - Auth Bypass
Title source: llmDescription
BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows remote attackers to bypass access controls for restricted JSP or servlet pages via a URL with multiple / (forward slash) characters before the restricted pages.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5588
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/5089
Patch x_refsource_confirm
ftp://ftpna.bea.com/pub/releases/patches/SecurityBEA00-0600.zip
Scores
EPSS
0.0060
EPSS Percentile
69.8%
Details
Status
published
Products (1)
bea/weblogic_server
5.1 (14 CPE variants)
Published
Dec 31, 2000
Tracked Since
Feb 18, 2026