{"vuid":"VU#184558","idnumber":"184558","name":"BEA WebLogic Server contains a vulnerability in the URL pattern matching","keywords":["BEA","WebLogic Server","/dir*","/dir*/","URL pattern matching","BEA04-056.00"],"overview":"There is a vulnerability in the URL pattern matching functionality of BEA WebLogic Server that could allow URL restrictions to be bypassed.","clean_desc":"BEA Systems describes WebLogic Server as \"an industrial-strength application infrastructure for developing, integrating, securing, and managing distributed Java applications.\" The WebLogic Server provides a feature that allows an administrator to restrict access to certain URLs. There is a vulnerability in this URL pattern matching feature that could cause patterns ending in \"*\" rather than \"/*\" to be evaluated as wildcard patterns. According to the BEA Security Advisory,\nIn WebLogic Server version 6.x, the illegal URL pattern of /mydir* is treated the same as the legal URL pattern /mydir/*. If a WebLogic Server version 6.x Web application used the illegal syntax and is moved to WebLogic Server version 7.x or greater, the URL patterns that were protected by the illegal syntax will stop being protected. There is no notification in the change of protection. According to the BEA Security Advisory, the following versions of WebLogic Server and Express are affected by this vulnerability: WebLogic Server and WebLogic Express version 8.1 through Service Pack 1, on all platforms\nWebLogic Server and WebLogic Express version 7.0 through Service Pack 4, on all platforms","impact":"A remote user could access restricted URLs that were previously protected by specific URL pattern matching syntax.","resolution":"Upgrade or Fix Syntax\nWebLogic Server and WebLogic Express version 8.1\nUpgrade to WebLogic Server and WebLogic Express version 8.1 Service Pack 2. or In all deployed web applications, convert the illegal URL patterns to legal syntax. WebLogic Server and WebLogic Express version 7.0\nUpgrade to WebLogic Server and WebLogic Express version 7.0 Service Pack 5. or In all deployed web applications, convert the illegal URL patterns to legal syntax.","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported by BEA Systems Inc.","author":"This document was written by Damon Morda.","public":["http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_56.00.jsp","http://secunia.com/advisories/11435/","http://www.securitytracker.com/alerts/2004/Apr/1009896.html"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-04-22T17:31:39Z","publicdate":"2004-04-21T00:00:00Z","datefirstpublished":"2004-04-26T20:24:08Z","dateupdated":"2004-04-26T20:44:30Z","revision":23,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"7","cam_population":"9","cam_impact":"8","cam_easeofexploitation":"7","cam_attackeraccessrequired":"20","cam_scorecurrent":"4.158","cam_scorecurrentwidelyknown":"5.103","cam_scorecurrentwidelyknownexploited":"8.883","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":4.158,"vulnote":null}