First published: Fri Oct 13 2000(Updated: )
BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP code by directly invoking the servlet on any source file.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
BEA Weblogic Server | =4.5.1 | |
BEA Weblogic Server | =3.1.8 | |
BEA Weblogic Server | =4.0.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.