WebLogic Server and WebLogic Express are affected by a vulnerability that may allow unauthorized access to application roles. This issue is due to a failure of the application to properly implement the Servlet 2.3 specification, facilitating unauthorized access. It should be noted that this issue only arises when a web application is built using the '*' specifier within the '<role-name>' tags, resources are defined to be protected by the '*' specifier, and users exist without explicitly defined roles. Due to the circumstantial nature of this issue, exploitation may be unlikely. This issue would allow an attacker to carry out actions outside of the defined roles, potentially leading to unauthorized access or other attacks.
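A check for the first two conditions named above, as an added example that is not vendor code: it parses a web application's `web.xml` and reports each security constraint whose `<auth-constraint>` uses `<role-name>*</role-name>`, together with the URL patterns it protects and the roles the application declares. The sample descriptor and every name in it are constructed; run it only on descriptors you own.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (not taken from the advisory).
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection><web-resource-name>admin</web-resource-name>
      <url-pattern>/admin/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>*</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><web-resource-name>reports</web-resource-name>
      <url-pattern>/reports/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>auditor</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>admin</role-name></security-role>
  <security-role><role-name>auditor</role-name></security-role>
</web-app>"""


def _local(tag):
    """Drop any XML namespace so DTD-based and schema-based descriptors match."""
    return tag.rsplit("}", 1)[-1]


def _descendants(elem, name):
    return [c for c in elem.iter() if _local(c.tag) == name]


def audit_wildcard_roles(web_xml_text):
    """Return (declared_roles, findings) for constraints whose auth-constraint uses '*'."""
    root = ET.fromstring(web_xml_text)
    declared = sorted((r.text or "").strip()
                      for sr in _descendants(root, "security-role")
                      for r in _descendants(sr, "role-name"))
    findings = []
    for sc in _descendants(root, "security-constraint"):
        roles = [(r.text or "").strip()
                 for ac in _descendants(sc, "auth-constraint")
                 for r in _descendants(ac, "role-name")]
        if "*" in roles:
            patterns = [(u.text or "").strip() for u in _descendants(sc, "url-pattern")]
            findings.append({"url_patterns": patterns, "roles": roles})
    return declared, findings


if __name__ == "__main__":
    declared, findings = audit_wildcard_roles(SAMPLE_WEB_XML)
    for f in findings:
        print("'*' auth-constraint on", f["url_patterns"], "- declared roles:", declared)
```

Each finding marks a resource to re-check against the third condition, users that exist without explicitly defined roles.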