To fix the CVSS 10.0 security issue CVE-2008-4008 in the latest version of WebLogic Server 10 MP1, we were required to download the latest plug-in and use it, according to BEA.
https://support.bea.com/application_content/product_portlets/securityadvisories/2806.html
But this plug-in is unable to handle special characters, especially "%".
The URL where the application is failing is pasted below.
The old plug-in is able to correlate/translate
ID%25253Affffffff867a01ae%25253A420603f3%25253A11D2AF793F0.csv to
ID%3Affffffff867a01ae%3A420603f3%3A11D2AF793F0.csv
but the new plug-in is not able to do the same.
https://mts2.pearsonaccess.com/pearsonaccess/securedocs/publishedReports_v2/va/nwsumm08/ID%25253Affffffff867a01ae%25253A420603f3%25253A11D2AF793F0.csv?publishedDocId=127701&docName=ID%3Affffffff867a01ae%3A420603f3%3A11D2AF793F0.csv
Solution:
You need to set WLAllowDoubleEscapedURI to ON; this will resolve the issue.
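As an added illustration (not code from the original post or from BEA), this Python sketch peels the percent-encoding layers off the failing path segment and reports, for the path and the query string separately, whether an escape is still present after one decoding pass. Treating "still escaped after one pass" as the meaning of double-escaped is an assumption of this example, as are the function names.

```python
import re
from urllib.parse import unquote, urlsplit

# A valid percent-escape: '%' followed by two hex digits.
_ESCAPE = re.compile(r"%[0-9A-Fa-f]{2}")

# Path segment quoted from the post above.
SAMPLE = "ID%25253Affffffff867a01ae%25253A420603f3%25253A11D2AF793F0.csv"


def decode_layers(text, max_passes=8):
    """Return [text, decoded once, decoded twice, ...] until nothing changes."""
    layers = [text]
    for _ in range(max_passes):
        nxt = unquote(layers[-1])
        if nxt == layers[-1]:
            break
        layers.append(nxt)
    return layers


def is_double_escaped(text):
    """True if a valid %XX escape is still present after one decoding pass.

    Assumption of this example: this is what 'double-escaped' means here.
    """
    return bool(_ESCAPE.search(unquote(text)))


def audit(url):
    """Report escape depth separately for the path and the query string."""
    parts = urlsplit(url)  # urlsplit does not decode either component
    return {
        "path_depth": len(decode_layers(parts.path)) - 1,
        "path_double_escaped": is_double_escaped(parts.path),
        "query_depth": len(decode_layers(parts.query)) - 1,
        "query_double_escaped": is_double_escaped(parts.query),
    }


if __name__ == "__main__":
    # Print each decoding layer of the failing path segment.
    for depth, layer in enumerate(decode_layers(SAMPLE)):
        print(depth, layer)
```

Running `audit` over proxy access logs before enabling the setting shows which application URLs actually depend on multiply-escaped paths.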