Weblogic FileServlet Show Code Vulnerability
BID:1518
Info
| Bugtraq ID: | 1518 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | Unknown |
| Published: | Jul 31 2000 12:00AM |
| Updated: | Jul 31 2000 12:00AM |
| Credit: | This vulnerability was discovered by Foundstone Inc. and posted to the Bugtraq mailing list on July 28, 2000. |
| Vulnerable: | BEA Systems Weblogic Server 5.1 x BEA Systems WebLogic Express 5.1 x BEA Systems WebLogic Enterprise 5.1 |
| Not Vulnerable: | |
Discussion
Certain versions of BEA Systems Weblogic server ship with a vulnerability that allows malicious users to view the source of documents that reside in the web document root directory.
This is possible due to a mistake in the provided weblogic.properties configuration, which manifests itself when a user sends a request prefixed with /ConsoleHelp/. The FileServlet is then forced to display documents in their unparsed (raw, precompiled) form.
Solution / Fix
Solution:
Please refer to BEA security advisory BEA00-03.00.
From the vendor (as appears in BEA00-03.00):
(1) Apply the "Show Code" vulnerability patch available from BEA Technical Support. This patch is available for:
Version:
The J-Engine in BEA WebLogic Enterprise 5.1.x
BEA WebLogic Server and Express 5.1.x
BEA WebLogic Server and Express 4.5.x
Action: Contact BEA Technical Support at [email protected] for patch.
(2) Once the patch has been applied, review the weblogic.properties file and ensure that the following changes have been made:
weblogic.httpd.register.file=weblogic.servlet.FileServlet
weblogic.httpd.initArgs.file=defaultFilename=index.html
weblogic.httpd.defaultServlet=file
should be changed to:
weblogic.httpd.register.*.html=weblogic.servlet.FileServlet
weblogic.httpd.initArgs.*.html=defaultFilename=index.html
weblogic.httpd.defaultServlet=*.html
Future Service Packs for BEA WebLogic Server and Express will also contain the patch to address this vulnerability.
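The review in step (2) can be scripted. The following is an added example, not code from BEA or from the advisory: it reads a weblogic.properties file and reports when FileServlet is still the default servlet under a plain name such as "file". The function names and the rule that a name starting with "*." counts as the corrected form are assumptions generalized from the advisory's *.html entries, and the check does not tell you whether the patch from step (1) is installed.

```python
# Added example, not vendor code: audits step (2) of BEA00-03.00 only.
FILE_SERVLET = "weblogic.servlet.FileServlet"
REGISTER = "weblogic.httpd.register."
DEFAULT = "weblogic.httpd.defaultServlet"

def parse_properties(text):
    """Parse plain key=value lines; skips blanks and '#'/'!' comment lines.
    Assumption: no line continuations or ':' separators are in use."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")  # values may contain '='
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    props = parse_properties(text)
    default = props.get(DEFAULT)
    findings = []
    if default is None:
        return findings  # no default servlet configured, nothing to compare
    cls = props.get(REGISTER + default)
    if cls is None:
        # Added consistency check: the default names a servlet with no entry.
        findings.append(f"{DEFAULT}={default} has no matching register entry")
    elif cls == FILE_SERVLET and not default.startswith("*."):
        findings.append(
            f"FileServlet is the default servlet under the name '{default}'; "
            "the advisory registers it for *.html instead")
    return findings

# Constructed inputs: the two forms quoted in the advisory, one setting per line.
BEFORE = """\
weblogic.httpd.register.file=weblogic.servlet.FileServlet
weblogic.httpd.initArgs.file=defaultFilename=index.html
weblogic.httpd.defaultServlet=file
"""
AFTER = """\
weblogic.httpd.register.*.html=weblogic.servlet.FileServlet
weblogic.httpd.initArgs.*.html=defaultFilename=index.html
weblogic.httpd.defaultServlet=*.html
"""

if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(sample) or "ok")
```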