CVE-2006-0420
BEA WebLogic Server and WebLogic Express 7.0-8.1 - Denial of Service via Servlet Relative Forwarding
BEA WebLogic Server and WebLogic Express 8.1 through SP4 and 7.0 through SP6 do not properly handle cases where servlets use relative forwarding, which allows remote attackers to cause a denial of service (slowdown) via unknown attack vectors that cause "looping stack overflow errors."
References (2)
Core References
Patch vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1015528
Patch, Vendor Advisory vendor-advisory
x_refsource_bea
http://dev2dev.bea.com/pub/advisory/164
Scores
EPSS
0.0053
EPSS Percentile
67.6%
Details
Status
published
Products (2)
bea/weblogic_server
7.0 sp1 (12 CPE variants)
bea/weblogic_server
8.1 sp1 (8 CPE variants)
Published
Jan 25, 2006
Tracked Since
Feb 18, 2026