Conflicts between URL mapping and URL based access control., (Mon, Nov 24th)

We continue to encounter high-profile vulnerabilities related to the use of URL mapping (or "aliases") with URL-based access control. Last week, we wrote about the Oracle Identity Manager vulnerability. I noticed some scans for an older vulnerability with similar roots today: