CVE-2002-0106

BEA WebLogic Server 6.1 - Denial of Service via JSP MS-DOS Device Name Requests

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0106. PoCs published by Peter Gründl.

AI-analyzed exploit summary This exploit demonstrates a denial of service (DoS) vulnerability in BEA WebLogic Server 6.1 SP2 by appending a null character to a request for a MS-DOS device name (e.g., AUX). The server hangs upon receiving multiple malformed requests, requiring a restart to recover.

Description

BEA Systems Weblogic Server 6.1 allows remote attackers to cause a denial of service via a series of requests to .JSP files that contain an MS-DOS device name.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Peter Gründl · textdoswindows
https://www.exploit-db.com/exploits/21432

This exploit demonstrates a denial of service (DoS) vulnerability in BEA WebLogic Server 6.1 SP2 by appending a null character to a request for a MS-DOS device name (e.g., AUX). The server hangs upon receiving multiple malformed requests, requiring a restart to recover.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: BEA WebLogic Server 6.1 SP2
No auth needed
Prerequisites: Network access to the target WebLogic Server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Patch, Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/7808.php
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=101050440629269&w=2
Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/3816

Scores

EPSS 0.0709
EPSS Percentile 93.4%

Details

Status published
Products (1)
bea/weblogic_server 6.1 (2 CPE variants)
Published Mar 25, 2002
Tracked Since Feb 18, 2026