What is the severity of CVE-2002-2142?

CVE-2002-2142 is classified as a high severity vulnerability due to the potential for bypassing security restrictions.

How do I fix CVE-2002-2142?

To fix CVE-2002-2142, upgrade to a secure version of Oracle WebLogic Server or apply available patches provided by the vendor.

Which versions of WebLogic Server are affected by CVE-2002-2142?

CVE-2002-2142 affects BEA WebLogic Server versions 6.0, 6.1, and 7.0 up to 7.0.0.1.

What kind of impact can CVE-2002-2142 have on my application?

CVE-2002-2142 can allow unauthorized users to access restricted resources, potentially compromising sensitive data.

Is CVE-2002-2142 still relevant today?

Although CVE-2002-2142 was reported a while ago, it remains relevant for organizations still using the affected versions of WebLogic Server.

Vulnerability/
CVE-2002-2142

high

7.5

CWE

NVD-CWE-Other

31/12/2002

16/11/2005

8/8/2024

CVE-2002-2142

First published: Tue Dec 31 2002(Updated: )

An undocumented extension for the Servlet mappings in the Servlet 2.3 specification, when upgrading to WebLogic Server and Express 7.0 Service Pack 1 from BEA WebLogic Server and Express 6.0 through 7.0.0.1, does not prepend a "/" character in certain URL patterns, which prevents the proper enforcement of role mappings and policies in applications that use the extension.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Oracle WebLogic Server	=6.1
Oracle WebLogic Server	=7.0
Oracle WebLogic Server	=6.0
Oracle WebLogic Server	=7.0.0.1
Oracle WebLogic Server	=6.0
Oracle WebLogic Server	=6.1
Oracle WebLogic Server	=7.0.0.1
BEA WebLogic Integration	=7.0-sp1
BEA WebLogic Integration	=7.0
Oracle WebLogic Server	=7.0

Remedy

http://www.securityfocus.com/bid/5971

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2002-2142?
CVE-2002-2142 is classified as a high severity vulnerability due to the potential for bypassing security restrictions.
How do I fix CVE-2002-2142?
To fix CVE-2002-2142, upgrade to a secure version of Oracle WebLogic Server or apply available patches provided by the vendor.
Which versions of WebLogic Server are affected by CVE-2002-2142?
CVE-2002-2142 affects BEA WebLogic Server versions 6.0, 6.1, and 7.0 up to 7.0.0.1.
What kind of impact can CVE-2002-2142 have on my application?
CVE-2002-2142 can allow unauthorized users to access restricted resources, potentially compromising sensitive data.
Is CVE-2002-2142 still relevant today?
Although CVE-2002-2142 was reported a while ago, it remains relevant for organizations still using the affected versions of WebLogic Server.

agent/type
agent/first-publish-date
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/remedy
agent/references
agent/author
agent/severity
agent/last-modified-date
agent/description
agent/event
agent/source
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/bea
canonical/oracle weblogic server
version/oracle weblogic server/6.1
version/oracle weblogic server/7.0
version/oracle weblogic server/6.0
version/oracle weblogic server/7.0.0.1
canonical/bea weblogic integration
version/bea weblogic integration/7.0-sp1
version/bea weblogic integration/7.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.