Описание
BEA WebLogic 5.1.x does not properly restrict access to the PageCompileServlet, which could allow remote attackers to compile and execute Java JHTML code by directly invoking the servlet on any source file.
Ссылки
- PatchVendor Advisory
- ExploitPatchVendor Advisory
- PatchVendor Advisory
- ExploitPatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:bea:weblogic_server:3.1.8:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:4.5.1:*:*:*:*:*:*:*
EPSS
Процентиль: 89%
0.05202
Низкий
10 Critical
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
BEA WebLogic 5.1.x does not properly restrict access to the PageCompileServlet, which could allow remote attackers to compile and execute Java JHTML code by directly invoking the servlet on any source file.
EPSS
Процентиль: 89%
0.05202
Низкий
10 Critical
CVSS2
Дефекты
NVD-CWE-Other