WebLogic Server < 6.0 SP1 Encoded Request Directory Listing
Medium Nessus Network Monitor Plugin ID 1453
SynopsisThe remote host is vulnerable to a flaw which allows attackers to retrieve sensitive files.
DescriptionThe remote WebLogic server discloses the listing of the page directories when a user submits a URL finishing with %00, %2e, %2f or %5c. An attacker may use this flaw to view the source code of JSP files or other dynamic content.
SolutionUpgrade to WebLogic 6.0 SP1