| VID | 22001 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | WWW |
| Detailed Description | BEA WebLogic Server version 6.0 could allow an attacker to traverse directories on the Web server. By requesting a URL followed by a specific URL-encoded character, such as "%00", "%2E", "%2F", or "%5c", an attacker can bypass the default document and display the contents of the Web folder. The attacker may also use this flaw to view the source code of JSP files or other dynamic content. References: http://www.securityfocus.com/bid/2513 http://www.iss.net/security_center/static/6283.php Platforms Affected: WebLogic Server 6.0 Windows: All Versions |
| Recommendation | Upgrade to the latest version of WebLogic (6.0 SP1 or later), available from the BEA WebLogic Download Page at http://commerce.bea.com/downloads/weblogic_server.jsp |
| Related URL | (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |