Weblogic SSIServlet Show Code Vulnerability
BID:1517
Info
| Bugtraq ID: | 1517 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 31 2000 12:00AM |
| Updated: | Jul 31 2000 12:00AM |
| Credit: | This vulnerability was discovered by Foundstone Inc. and posted to the Bugtraq mailing list on July 28, 2000. |
| Vulnerable: | BEA Systems Weblogic Server 5.1 x; BEA Systems WebLogic Express 5.1 x; BEA Systems WebLogic Enterprise 5.1 |
| Not Vulnerable: | |
Discussion
Certain versions of BEA Systems WebLogic Server ship with a vulnerability that allows malicious users to view the source of .jsp and .jhtml pages residing under the web document root directory.
The cause is a mistake in the shipped weblogic.properties configuration: a request whose path is prefixed with /*.shtml/ is routed to the SSIServlet (Server Side Include Servlet), which is thereby forced to return the requested document in its unparsed (raw precompiled) form instead of executing it.
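A defender-side check for this issue, added here and not part of the original advisory: it scans constructed access-log lines for requests that use the /*.shtml/ prefix against .jsp or .jhtml targets. The Common Log Format and the percent-decoding step (so that an encoded /%2A.shtml/ prefix is also caught) are assumptions; the advisory does not describe log formats or how the server decodes paths.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format) for illustration only.
SAMPLE_LOG = """\
10.0.0.5 - - [31/Jul/2000:10:15:02 +0000] "GET /index.jsp HTTP/1.0" 200 1532
10.0.0.9 - - [31/Jul/2000:10:15:07 +0000] "GET /*.shtml/index.jsp HTTP/1.0" 200 4021
10.0.0.9 - - [31/Jul/2000:10:15:09 +0000] "GET /%2A.shtml/admin/login.jhtml HTTP/1.0" 200 2210
10.0.0.7 - - [31/Jul/2000:10:16:00 +0000] "GET /docs/readme.shtml HTTP/1.0" 200 800
"""

# Minimal Common Log Format parser: client IP, timestamp, method, path, status.
CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

SSI_PREFIX = "/*.shtml/"
SOURCE_EXTS = (".jsp", ".jhtml")  # page types whose source the advisory says is exposed


def is_ssi_show_code_request(raw_path: str) -> bool:
    """True if the path uses the /*.shtml/ prefix against a .jsp/.jhtml target.

    Assumption: the server percent-decodes the path before servlet mapping,
    so the path is decoded here to catch encoded variants such as /%2A.shtml/.
    """
    path = unquote(raw_path.split("?", 1)[0])  # drop any query string, then decode
    if not path.lower().startswith(SSI_PREFIX):
        return False
    target = path[len(SSI_PREFIX):]
    return target.lower().endswith(SOURCE_EXTS)


def find_show_code_requests(log_text: str) -> list[dict]:
    """Return one record per log line that matches the source-disclosure pattern."""
    hits = []
    for line in log_text.splitlines():
        m = CLF_RE.match(line)
        if m and is_ssi_show_code_request(m.group("path")):
            hits.append({"ip": m.group("ip"), "path": m.group("path"),
                         "status": int(m.group("status"))})
    return hits


if __name__ == "__main__":
    for hit in find_show_code_requests(SAMPLE_LOG):
        print(f"{hit['ip']} fetched source via SSIServlet: {hit['path']} (HTTP {hit['status']})")
```

A 200 status on a flagged line means the server actually served the raw page; a 404 or 403 indicates an attempt that was blocked.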
References
References:
- Weblogic (BEA Systems)
- WebLogic Server JSP Configuration (BEA Systems)