Detections
Analytics
BEA WebLogic < 5.1.0 SP8 Hex-encoded Request JSP Source Disclosure
medium Nessus Network Monitor Plugin ID 1525
Synopsis
The remote host is running a vulnerable version of BEA WebLogic.Description
BEA WebLogic may be tricked into revealing the source code of the remote JSP scripts by using simple URL encoding of the characters in the filename extensions (ie: default.js%70 instead of .jsp).Solution
Upgrade to WebLogic version 5.1.0 SP8 or higher.See Also
http://archives.neohapsis.com/archives/bugtraq/2001-03/0463.html
Plugin Details
Severity: Medium
ID: 1525
Family: Web Servers
Published: 8/18/2004
Updated: 3/6/2019
Nessus ID: 10715
Vulnerability Information
CPE: cpe:/a:bea:weblogic_server
Reference Information
BID: 2527