Family: CGI abuses --> Category: infos
BEA WebLogic Scripts Server scripts Source Disclosure Vulnerability Scan
Vulnerability Scan Summary
BEA WebLogic may be tricked into revealing the source code of JSP scripts.
Detailed Explanation for this Vulnerability Test
BEA WebLogic may be tricked into revealing the source code of JSP scripts
by using simple URL encoding of characters in the filename extension.
e.g.: default.js%70 (=default.jsp) won't be considered as a script but
rather as a simple document.
Vulnerable systems: WebLogic version 5.1.0 SP 6
Immune systems: WebLogic version 5.1.0 SP 8
Solution: Use the official patch available at http://www.bea.com
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.