Detections
Analytics

BEA WebLogic Null Byte Request JSP Source Disclosure

medium Nessus Plugin ID 10949

Synopsis

The remote web server is affected by an information disclosure vulnerability.

Description

BEA WebLogic may be tricked into revealing the source code of JSP scripts by adding an encoded character (%00x) at the end of the request.

Solution

Use the official patch available at http://www.bea.com or upgrade to a version newer than 6.1SP2.

See Also

https://seclists.org/bugtraq/2002/Apr/422

Plugin Details

Severity: Medium

ID: 10949

File Name: BEA_weblogic_Reveal_Script_Code_2.nasl

Version: 1.31

Type: remote

Family: CGI abuses

Published: 5/2/2002

Updated: 1/19/2021

Supported Sensors: Nessus