
BEA WebLogic < 6.1 SP2 Encoded Null Byte Request JSP Source Disclosure

Medium

Synopsis

The remote host is running a vulnerable version of BEA WebLogic.

Description

The remote BEA WebLogic server may be tricked into revealing the source code of the remote JSP scripts by appending an encoded character (i.e., %00x) to the end of the request.

Solution

Upgrade to WebLogic 6.1 SP2 or higher.