
WebLogic Server < 6.0 SP1 Encoded Request Directory Listing

Medium

Synopsis

The remote host is vulnerable to a flaw which allows attackers to retrieve sensitive files.

Description

The remote WebLogic server discloses directory listings when a user submits a URL ending in %00, %2e, %2f or %5c. An attacker may use this flaw to view the source code of JSP files or other dynamic content.

Solution

Upgrade to WebLogic 6.0 SP1
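
To check whether such requests have already reached a server, the access log can be searched for request paths ending in one of the four encoded sequences named in the description. The following is an added example, not part of the original plugin text: it assumes Common Log Format access logs, checks only the path portion before any query string, and uses constructed sample lines; the function name `flag_encoded_suffix` is hypothetical.

```python
import re

# Encoded suffixes named in the description (matched case-insensitively).
SUFFIXES = ("%00", "%2e", "%2f", "%5c")

# Assumed format: Common Log Format
#   host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" '
    r'(?P<status>\d{3}) \S+'
)

def flag_encoded_suffix(lines):
    """Return requests whose path ends in one of SUFFIXES.

    Entries answered with 200 are listed first: the server returned
    content for them, so they deserve review before the rest.
    """
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a CLF line; skip rather than guess
        target = m.group("target")
        path = target.split("?", 1)[0]  # ignore the query string
        if path.lower().endswith(SUFFIXES):
            status = int(m.group("status"))
            hits.append({"host": m.group("host"), "target": target,
                         "status": status, "served": status == 200})
    return sorted(hits, key=lambda h: not h["served"])

# Constructed sample log lines (documentation address range 192.0.2.0/24).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2001:13:55:36 +0000] "GET /index.jsp HTTP/1.0" 200 2326',
    '192.0.2.44 - - [10/Oct/2001:13:56:01 +0000] "GET /docs%5C HTTP/1.0" 404 312',
    '192.0.2.44 - - [10/Oct/2001:13:56:04 +0000] "GET /app/%2e HTTP/1.0" 200 5120',
    '192.0.2.44 - - [10/Oct/2001:13:56:09 +0000] "GET /app/index.jsp%00 HTTP/1.0" 200 1804',
    '192.0.2.17 - - [10/Oct/2001:13:57:12 +0000] "GET /search?next=%2f HTTP/1.0" 200 900',
]

if __name__ == "__main__":
    for hit in flag_encoded_suffix(SAMPLE_LOG):
        print(hit["host"], hit["status"], hit["target"])
```

Whether a proxy or the server itself decodes the URL before logging varies by deployment; if the log stores decoded paths, the encoded suffixes will not appear and this check will miss them.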