
BEA WebLogic < 6.1 SP2 Encoded Null Byte Request JSP Source Disclosure

Medium

Synopsis

The remote host is running a vulnerable version of BEA WebLogic.

Description

The remote BEA WebLogic server may be tricked into revealing the source code of its JSP scripts by appending an encoded character (i.e., %00x) to the end of the request.
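One way to check web access logs for the request pattern described above, as an added example that is not part of the original advisory. It assumes logs in Common Log Format; the function name, sample lines, IP addresses and paths are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" (?P<status>\d{3}) \S+'
)

def find_null_byte_jsp_requests(lines):
    """Return (host, time, raw_path, status) for requests whose path, once
    percent-decoded, has a NUL byte directly after a .jsp name."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        # Only the path matters here; drop any query string.
        raw_path = m.group("target").split("?", 1)[0]
        decoded = unquote_to_bytes(raw_path)
        head, nul, _tail = decoded.partition(b"\x00")
        # Flag only when the text before the NUL names a JSP (any letter case).
        if nul and head.lower().endswith(b".jsp"):
            hits.append((m.group("host"), m.group("time"),
                         raw_path, int(m.group("status"))))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/2002:10:00:01 +0000] "GET /index.jsp HTTP/1.0" 200 512',
    '198.51.100.7 - - [01/Mar/2002:10:00:05 +0000] "GET /index.jsp%00x HTTP/1.0" 200 4096',
    '198.51.100.7 - - [01/Mar/2002:10:00:09 +0000] "GET /app/Login.JSP%00x HTTP/1.0" 404 0',
    '192.0.2.10 - - [01/Mar/2002:10:00:12 +0000] "GET /search.jsp?q=100%25 HTTP/1.0" 200 900',
    '203.0.113.4 - - [01/Mar/2002:10:00:20 +0000] "GET /img/logo%00.gif HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for host, when, path, status in find_null_byte_jsp_requests(SAMPLE_LOG):
        print(f"{when} {host} {path} -> {status}")
```

A hit answered with status 200 deserves the closest review, since the response body may have contained JSP source.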

Solution

Upgrade to WebLogic 6.1 SP2 or higher.