PUBLISHED DATE: December 31, 2000CVE-2000-1238:
Access Control Vulnerability

Description

BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows remote attackers to bypass access controls for restricted JSP or servlet pages via a URL with multiple / (forward slash) characters before the restricted pages.

Products

• BEA Systems WebLogic Server 5.1
• BEA WebLogic Server 5.1 Express Edition
• BEA Systems WebLogic Server 5.1 SP10
• BEA Systems WebLogic Express 5.1 SP10
• BEA Systems WebLogic Server 5.1 SP10 Win32
• BEA Systems WebLogic Server 5.1 SP11
• BEA Systems WebLogic Express 5.1 SP11
• BEA Systems WebLogic Server 5.1 SP11 Win32
• BEA Systems WebLogic Server 5.1 SP12
• BEA Systems WebLogic Express 5.1 SP12
• BEA Systems WebLogic Server 5.1 SP12 Win32
• BEA Systems WebLogic Server 5.1 SP13
• BEA Systems WebLogic Express 5.1 SP13
• BEA Systems WebLogic Server 5.1 SP13 Win32
• BEA Systems WebLogic Server 5.1 SP1
• BEA Systems WebLogic Express 5.1 SP1
• BEA Systems WebLogic Server 5.1 SP1 Win32
• BEA Systems WebLogic Server 5.1 SP2
• BEA Systems WebLogic Express 5.1 SP2
• BEA Systems WebLogic Server 5.1 SP2 Win32
• BEA Systems WebLogic Server 5.1 SP3
• BEA Systems WebLogic Express 5.1 SP3
• BEA Systems WebLogic Server 5.1 SP3 Win32
• BEA Systems WebLogic Server 5.1 SP4
• BEA Systems WebLogic Express 5.1 SP4
• BEA Systems WebLogic Server 5.1 SP4 Win32
• BEA Systems WebLogic Server 5.1 SP5
• BEA Systems WebLogic Express 5.1 SP5
• BEA Systems WebLogic Server 5.1 SP5 Win32
• BEA Systems WebLogic Server 5.1 SP6
• BEA Systems WebLogic Express 5.1 SP6
• BEA Systems WebLogic Server 5.1 SP6 Win32
• BEA Systems WebLogic Server 5.1 SP7
• BEA Systems WebLogic Express 5.1 SP7
• BEA Systems WebLogic Server 5.1 SP7 Win32
• BEA Systems WebLogic Server 5.1 SP8
• BEA Systems WebLogic Express 5.1 SP8
• BEA Systems WebLogic Server 5.1 SP8 Win32
• BEA Systems WebLogic Server 5.1 SP9
• BEA Systems WebLogic Express 5.1 SP9
• BEA Systems WebLogic Server 5.1 SP9 Win32

Questions to Ask Vendors

1. Can you confirm whether your systems are affected by CVE-2000-1238, and if so, what steps are you currently taking to mitigate this vulnerability?
2. What is your estimated timeline for fully resolving CVE-2000-1238 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions

• Check out the advisory links provided below.

References

• https://nvd.nist.gov/vuln/detail/CVE-2000-1238