• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

BEA WebLogic Server/Express/Integration Application Migration Security Policy Weakness

The affected products supported undocumented extensions for the Servlet 2.3 specification. These extensions included additional URL mapping syntax for web applications. Since these extensions are no longer supported in recent versions of the software, role mappings and security policies may not carry over when web applications are migrated.