WebLogic Crafted GET Request Hostname Disclosure

Medium Nessus Plugin ID 11606


The remote service is vulnerable to information disclosure.


The remote WebLogic server discloses its NetBIOS host name when it is sent a request that generates a redirection.

An attacker may use this information to better prepare other attacks against this host.


Currently, there are no known upgrades or patches to correct this issue.
As a workaround, use a proxy or firewall with URL filtering capabilities to filter requests that start with a ".".

Plugin Details

Severity: Medium

ID: 11606

File Name: weblogic_hostname_disclosure.nasl

Version: $Revision: 1.21 $

Type: remote

Family: Web Servers

Published: 2003/05/08

Modified: 2016/11/29

Dependencies: 56979

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:H/RL:U/RC:ND

Vulnerability Information

CPE: cpe:/a:oracle:weblogic_server

Required KB Items: www/weblogic

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2003/04/02

Reference Information

BID: 7257

OSVDB: 5737