Summary
BEA WebLogic may be tricked into revealing the source code of JSP scripts by using simple URL encoding of characters in the filename extension.
e.g.: default.js%70 (=default.jsp) won't be considered as a script but rather as a simple document.
Vulnerable systems: WebLogic version 5.1.0 SP 6
Immune systems: WebLogic version 5.1.0 SP 8
Solution
Use the official patch available at http://www.bea.com
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- 2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities
- AlienForm CGI script
- 1024 CMS 1.1.0 Beta 'force_download.php' Local File Include Vulnerability
- Apache Tomcat Login Constraints Security Bypass Vulnerability
- Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability