CNNVD-202510-3789 Information

CNNVD ID

CNNVD-202510-3789

Related CVE

CVE-2025-60805

• CNNVD Published: 2025-10-28

Description (Chinese)

BES Application Server是中国宝兰德（BES）公司的一款高性能应用服务器软件。 BES Application Server 9.5.x及之前版本存在安全漏洞，该漏洞源于bes-web.xml中pre-resource选项可能导致敏感信息泄露。

Description (English)

BES Application Server is a high-performance application server software for BERS. The BES Application Server 9.5.x and previous versions have a security loophole, which stems from the pre-resource option in bes-web.xml that could lead to the disclosure of sensitive information.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

宝兰德

Published

2025-10-28

Last Modified

2026-02-24

References

http://bes.com http://www.bessystem.com/appserver/dtds/bes-web-app_2_5-0.dtd https://gist.github.com/Liu2000622/7a6294f7421ef50c378a456ca9494714 https://www.bessystem.com/product/0ad9b8c4d6af462b8d15723a5f25a87d/info?p=101 https://access.redhat.com/security/cve/cve-2025-60805