WebLogic Server /%00/ bug

Requesting a URL with '%00', '%2e', '%2f' or '%5c' appended to it makes some WebLogic servers dump the listing of the page directory, thus showing potentially sensitive files. An attacker may also use this flaw to view the source code of JSP files, or other dynamic content. Reference : http://www.securityfocus.com/bid/2513
upgrade to WebLogic 6.0 with Service Pack 1