← CVECheck
HomeVulnerabilities

CVE-2004-0711 — HIGH severity vulnerability (The URL pattern matching feature in BEA WebLogic Server 6.x)

The URL pattern matching feature in BEA WebLogic Server 6.x matches illegal patterns ending in "*" as wildcards as if they were the legal "/*" pattern, which could cause WebLogic 7.x to allow remote attackers to bypass intended access restrictions because the illegal patterns are properly rejected.

CVE IDCVE-2004-0711
SeverityHIGH
CVSS score7.5
CVSS vectorAV:N/AC:L/Au:N/C:P/I:P/A:P
CWENVD-CWE-Other
StatusModified
Published2004-07-27
Last modified2026-04-16
DescriptionThe URL pattern matching feature in BEA WebLogic Server 6.x matches illegal patterns ending in "*" as wildcards as if they were the legal "/*" pattern, which could cause WebLogic 7.x to allow remote attackers to bypass intended access restrictions because the illegal patterns are properly rejected.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →