Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

BEA WebLogic < 5.1 SP 11 JSP Source Disclosure

Medium

Synopsis

The remote WebLogic server may be tricked into revealing the source code of JSP scripts by prefixing their path by '/*.shtml/'.

Description

The remote WebLogic server may be tricked into revealing the source code of JSP scripts by prefixing their path by '/*.shtml/'.

Solution

Upgrade to version 5.1 SP 11 or higher.