Family: CGI abuses --> Category: infos
BEA WebLogic Scripts Server scripts Source Disclosure (2) Vulnerability Scan
Vulnerability Scan Summary
BEA WebLogic may be tricked into revealing the source code of JSP scripts.
Detailed Explanation for this Vulnerability Test
BEA WebLogic may be tricked into revealing the source code of JSP scripts
by adding an encoded character (ie: %00x) at the end of the request.
Solution: Use the official patch available at http://www.bea.com
or upgrade to a version newer than 6.1SP2.
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.