Detections
Analytics
BEA WebLogic < 6.1 SP2 Encoded Null Byte Request JSP Source Disclosure
medium Nessus Network Monitor Plugin ID 1526
Synopsis
The remote host is running a vulnerable version of BEA WebLogic.Description
The remote BEA WebLogic server may be tricked into revealing the source code of the remote JSP scripts by adding an encoded character (ie: %00x) at the end of the request.Solution
Upgrade to WebLogic 6.1 SP2 or higher.See Also
http://archives.neohapsis.com/archives/bugtraq/2002-04/0411.html
Plugin Details
Severity: Medium
ID: 1526
Family: Web Servers
Published: 8/18/2004
Updated: 3/6/2019
Nessus ID: 10949
Vulnerability Information
CPE: cpe:/a:bea:weblogic_server
Reference Information
BID: 2527