Reported January 8, 2002, by Peter Gründl.
BEA WebLogic Server 6.1 for Windows 2000
BEA WebLogic Server 6.1 for Windows NT
A denial-of-service (DoS) condition exists in BEA WebLogic Server 6.1. By appending a DOS device request to a .jsp file request, such as “aux.jsp,” an attacker can invoke an external compiler with a working thread that never finishes. When the attacker uses 10 or more working threads in this manner, the server stops processing requests, even legitimate ones.
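As an added example (not part of the original advisory and not BEA code), the following Python code flags requests whose final path segment is a DOS device name with a .jsp extension, as in the “aux.jsp” case above, and counts them per client. It goes beyond the advisory's single example by also covering the other reserved Windows device names; the Common Log Format input, the sample lines, and the function names are assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

# Reserved DOS device names on Windows (matched case-insensitively).
DOS_DEVICES = ({"aux", "con", "nul", "prn"}
               | {f"com{i}" for i in range(1, 10)}
               | {f"lpt{i}" for i in range(1, 10)})

# Request field of a Common Log Format line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def is_dos_device_jsp(target: str) -> bool:
    """True if the last path segment is a DOS device name with a .jsp extension."""
    path = unquote(urlsplit(target).path)          # drop query, decode %xx
    segment = path.replace("\\", "/").rsplit("/", 1)[-1]
    segment = segment.rstrip(". ").lower()         # Windows ignores trailing dots/spaces
    stem, dot, ext = segment.rpartition(".")
    if not dot or ext != "jsp":
        return False
    # Windows resolves "aux.anything" to the device, so test the part before the first dot.
    return stem.split(".", 1)[0].strip() in DOS_DEVICES


def count_by_client(lines):
    """Return {client_ip: number of DOS-device .jsp requests}."""
    hits = {}
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and is_dos_device_jsp(m.group("target")):
            client = line.split(" ", 1)[0]
            hits[client] = hits.get(client, 0) + 1
    return hits


# Constructed sample lines, as a fronting proxy might record them (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Jan/2002:10:00:01 +0000] "GET /index.jsp HTTP/1.0" 200 512',
    '192.0.2.77 - - [08/Jan/2002:10:00:02 +0000] "GET /aux.jsp HTTP/1.0" 504 0',
    '192.0.2.77 - - [08/Jan/2002:10:00:03 +0000] "GET /app/AUX.JSP?x=1 HTTP/1.0" 504 0',
    '192.0.2.77 - - [08/Jan/2002:10:00:04 +0000] "GET /%61ux.jsp HTTP/1.0" 504 0',
    '192.0.2.10 - - [08/Jan/2002:10:00:05 +0000] "GET /auxiliary.jsp HTTP/1.0" 200 300',
]

if __name__ == "__main__":
    for client, n in count_by_client(SAMPLE_LOG).items():
        print(f"{client}: {n} DOS-device .jsp request(s)")
```

Because a request that never finishes may not be written to the application server's own access log, the same predicate is better applied to a front-end proxy's log or used to reject the request before it reaches the JSP handler.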
Discovered by Peter Gründl.