|Category:||Remote file access|
|Title:||WebLogic Server /%00/ bug|
|Summary:||Requesting a URL with '%00', '%2e', '%2f' or '%5c' appended to it; makes some WebLogic servers dump the listing of the page directory, thus showing potentially sensitive files.|
Requesting a URL with '%00', '%2e', '%2f' or '%5c' appended to it
makes some WebLogic servers dump the listing of the page directory, thus showing potentially sensitive files.
An attacker may also use this flaw to view
the source code of JSP files, or other dynamic content.
Upgrade to WebLogic 6.0 with Service Pack 1.
BugTraq ID: 2513|
|Copyright||Copyright (C) 2001 StrongHoldNet|
|This is only one of 87302 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.