CVE-2002-0106
BEA WebLogic Server 6.1 - Denial of Service via JSP MS-DOS Device Name Requests
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2002-0106. PoCs published by Peter Gründl.
AI-analyzed exploit summary This exploit demonstrates a denial of service (DoS) vulnerability in BEA WebLogic Server 6.1 SP2 by appending a null character to a request for a MS-DOS device name (e.g., AUX). The server hangs upon receiving multiple malformed requests, requiring a restart to recover.
Description
BEA Systems Weblogic Server 6.1 allows remote attackers to cause a denial of service via a series of requests to .JSP files that contain an MS-DOS device name.
Exploits (1)
This exploit demonstrates a denial of service (DoS) vulnerability in BEA WebLogic Server 6.1 SP2 by appending a null character to a request for a MS-DOS device name (e.g., AUX). The server hangs upon receiving multiple malformed requests, requiring a restart to recover.