Description
The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to cause a denial of service (hang) via pathname arguments that contain MS-DOS device names such as CON and AUX.
Affected products
- bea / tuxedo 6.3 – 6.3
- bea / tuxedo 6.4 – 6.4
- bea / tuxedo 6.5 – 6.5
- bea / tuxedo 7.1 – 7.1
- bea / tuxedo 8.0 – 8.0
- bea / tuxedo 8.1 – 8.1
- bea / weblogic_server 4.2 – 4.2
- bea / weblogic_server 5.0.1 – 5.0.1
- bea / weblogic_server 5.1 – 5.1