BEA WebLogic < 6.1 SP2 Encoded Null Byte Request JSP Source Disclosure
Medium Nessus Network Monitor Plugin ID 1526
Synopsis
The remote host is running a vulnerable version of BEA WebLogic.

Description
The remote BEA WebLogic server may be tricked into revealing the source code of its JSP scripts by adding an encoded character (e.g. %00x) at the end of the request.

Solution
Upgrade to WebLogic 6.1 SP2 or higher.