CVE-2002-2142 Information

Description

An undocumented extension for the Servlet mappings in the Servlet 2.3 specification when upgrading to WebLogic Server and Express 7.0 Service Pack 1 from BEA WebLogic Server and Express 6.0 through 7.0.0.1 does not prepend a /\ character in certain URL patterns which prevents the proper enforcement of role mappings and policies in applications that use the extension.

Reference

http://dev2dev.bea.com/pub/advisory/3 http://www.iss.net/security_center/static/10392.php http://www.securityfocus.com/bid/5971