CVE-2006-0420 — MEDIUM (5.0)

Vulnerability Description

BEA WebLogic Server and WebLogic Express 8.1 through SP4 and 7.0 through SP6 does not properly handle when servlets use relative forwarding, which allows remote attackers to cause a denial of service (slowdown) via unknown attack vectors that cause "looping stack overflow errors."

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:N/A:P

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Bea	Weblogic Server	7.0

References

http://dev2dev.bea.com/pub/advisory/164PatchVendor Advisory
http://securitytracker.com/id?1015528Patch
http://dev2dev.bea.com/pub/advisory/164PatchVendor Advisory
http://securitytracker.com/id?1015528Patch

FAQ

What is CVE-2006-0420?

CVE-2006-0420 is a vulnerability with a CVSS score of 5.0 (MEDIUM). BEA WebLogic Server and WebLogic Express 8.1 through SP4 and 7.0 through SP6 does not properly handle when servlets use relative forwarding, which allows remote attackers to cause a denial of service ...

How severe is CVE-2006-0420?

CVE-2006-0420 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2006-0420?

Check the references section above for vendor advisories and patch information. Affected products include: Bea Weblogic Server.