Nessus Plugin #10698
Note: This file has been created from a downloaded version of the Nessus Plugins from http://www.nessus.org/. Therefore, the information here can be outdated.
WebLogic Server /%00/ bug
- Family: Remote file access
- Category: infos
- Copyright: This script is Copyright (C) 2001 StrongHoldNet
- Summary: Make a request like http://www.example.com/%00/
- Version: $Revision: 1.18 $
- Cve_id: -
- Bugtraq_id: 2513
- Xrefs: -
- Description:
Requesting a URL with '%00', '%2e', '%2f' or '%5c' appended to it makes some WebLogic servers dump the listing of the page directory, thus showing potentially sensitive files.
An attacker may also use this flaw to view the source code of JSP files, or other dynamic content.
Reference : http://www.securityfocus.com/bid/2513
Risk factor : High
Solution : upgrade to WebLogic 6.0 with Service Pack 1
Generated on 27.04.2005 at 18:49:54.