Summary
BEA WebLogic may be tricked into revealing the source code of JSP scripts by using simple URL encoding of characters in the filename extension.
e.g.: default.js%70 (=default.jsp) won't be considered as a script but rather as a simple document.
Vulnerable systems: WebLogic version 5.1.0 SP 6
Immune systems: WebLogic version 5.1.0 SP 8
Solution
Use the official patch available at http://www.bea.com
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apache Tomcat SecurityConstraints Security Bypass Vulnerability
- Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability
- Apache Struts2/XWork Remote Command Execution Vulnerability
- Apache Tomcat NIO Connector Denial of Service Vulnerability
- Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities