WebLogic Server /%00/ bug

Summary
Requesting a URL with '%00', '%2e', '%2f' or '%5c' appended to it makes some WebLogic servers dump the listing of the page directory, thus showing potentially sensitive files. An attacker may also use this flaw to view the source code of JSP files, or other dynamic content.

Reference: http://www.securityfocus.com/bid/2513
Solution
Upgrade to WebLogic 6.0 with Service Pack 1.
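
To find out whether a server has already received requests of the kind described in the Summary, the access log can be checked for request paths ending in one of the four encoded suffixes. The following is an added example, not part of the original advisory; it assumes Common Log Format access logs, and the sample lines, addresses and paths are constructed.

```python
import re

# Encoded suffixes named in the summary: NUL, '.', '/', '\'.
SUFFIXES = ("%00", "%2e", "%2f", "%5c")

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def suspicious_suffix(target):
    """Return the matching encoded suffix if the path part ends with one."""
    # Only the path counts; encoded characters in the query string are normal.
    path = target.split("?", 1)[0].lower()
    for suffix in SUFFIXES:
        if path.endswith(suffix):
            return suffix
    return None

def scan(lines):
    """Yield (host, target, suffix, status) for each matching request."""
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a parseable access-log line
        suffix = suspicious_suffix(m["target"])
        if suffix:
            yield m["host"], m["target"], suffix, int(m["status"])

# Constructed sample log lines (documentation addresses, made-up paths).
SAMPLE = [
    '192.0.2.10 - - [12/Mar/2001:10:01:02 +0000] "GET /index.jsp HTTP/1.0" 200 1532',
    '198.51.100.7 - - [12/Mar/2001:10:01:09 +0000] "GET /app/%00 HTTP/1.0" 200 4096',
    '198.51.100.7 - - [12/Mar/2001:10:01:11 +0000] "GET /app/login.jsp%2E HTTP/1.0" 200 2210',
    '198.51.100.7 - - [12/Mar/2001:10:01:14 +0000] "GET /app/%5c HTTP/1.0" 404 312',
    '192.0.2.10 - - [12/Mar/2001:10:02:00 +0000] "GET /search?q=a%2fb HTTP/1.0" 200 900',
]

if __name__ == "__main__":
    for host, target, suffix, status in scan(SAMPLE):
        # A 200 means the server answered the request; review what it returned.
        note = "served" if status == 200 else "not served"
        print(f"{host} {target} suffix={suffix} status={status} ({note})")
```

Hits answered with status 200 are the ones to review first, since the response may have contained a directory listing or JSP source.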