Description
BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP requests in a way that can cause BEA to send the same response for two different HTTP requests, which could allow remote attackers to obtain sensitive information that was intended for other users.
References (3)
Core References
Vendor Advisory vendor-advisory
x_refsource_bea
http://dev2dev.bea.com/pub/advisory/38
Patch, Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/10221.php
Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/5819
Scores
EPSS
0.0046
EPSS Percentile
64.1%
Details
Status
published
Products (3)
bea/weblogic_server
6.1 (4 CPE variants)
bea/weblogic_server
7.0 (2 CPE variants)
bea/weblogic_server
7.0.0.1 (2 CPE variants)
Published
Dec 31, 2002
Tracked Since
Feb 18, 2026