CVE-2005-4757 Information

Description

BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier and 7.0 SP5 and earlier do not properly \constrain\ a /\ (slash) servlet root URL pattern which might allow remote attackers to bypass intended servlet protections.

Reference

http://dev2dev.bea.com/pub/advisory/147 http://secunia.com/advisories/17138 http://www.securityfocus.com/bid/15052