VID 22107
Severity 30
Port 80, ...
Protocol TCP
Class Servlet
Detailed Description The WebLogic Server has a source code disclosure vulnerability.
BEA Systems WebLogic Server is an enterprise-level web and wireless application server. BEA WebLogic Server versions 5.1.0 SP6 and earlier could allow a remote attacker to view the source code of JavaServer Pages (JSP). Due to a parsing error in WebLogic, a remote attacker can submit a URL request appended with the character string "%70" to reveal the source code of the requested JSP file. If successfully exploited, this vulnerability could lead to the disclosure of sensitive information contained within JSP pages. This information may assist in further attacks against the host.

* References:
http://www.securityfocus.com/bid/2527
http://www.iss.net/security_center/static/6315.php
Recommendation Upgrade to the latest version of BEA WebLogic Server (5.1.0 SP8 or later), available from the BEA WebLogic Download Page:
http://commerce.bea.com/downloads/weblogic_server.jsp#wls