Reported April 29, 2002, by Peter Gründl.
VERSION AFFECTED
BEA WebLogic 6.1 Service Pack 2 (SP2) for Windows 2000
DESCRIPTION
Multiple vulnerabilities exist in BEA WebLogic 6.1 SP2 for Windows 2000. A problem with the URL parser in BEA WebLogic could let an attacker reveal the physical path to the Web root, cause a Denial of Service (DoS) condition, or reveal the source code of .jsp files.
By appending %00.jsp to a normal .html request, an attacker can in some cases generate a compiler error that prints out the path to the physical Web root.
By requesting a DOS device and appending .jsp to the request, an attacker can exhaust working threads, which will cause the Web service to stop parsing HTTP and HTTP over Secure Sockets Layer (HTTPS) requests.
An attacker can use several methods to manipulate the URL in a way that will let the attacker read the contents of a .jsp file. For example, a malicious user can append "%00x" or "+." (quotation marks excluded) to a request for a .jsp file and read the contents of the .jsp file.
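
One way to spot the three request patterns described above in a Web server access log, as an added example that is not part of the original advisory. It assumes the log records the raw, undecoded request path; the function names and the sample log lines are constructed for illustration.

```python
import re

# Windows reserved DOS device names (CON, PRN, AUX, NUL, COM1-9, LPT1-9) + .jsp
DOS_DEVICE = re.compile(r"^(?:con|prn|aux|nul|com[1-9]|lpt[1-9])\.jsp$", re.I)
# .html request with %00.jsp appended (physical path disclosure case)
NULL_JSP = re.compile(r"\.html?%00\.jsp$", re.I)
# .jsp request with "%00x" or "+." appended (source disclosure case)
JSP_SUFFIX = re.compile(r"\.jsp(?:%00x|\+\.)$", re.I)
# Request line inside a common-log-format entry (assumed log format)
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')


def classify(path):
    """Return the advisory patterns matched by a raw (undecoded) request path."""
    path = path.split("?", 1)[0]      # ignore the query string
    last = path.rsplit("/", 1)[-1]    # final path segment
    hits = []
    if NULL_JSP.search(path):
        hits.append("path-disclosure")
    if DOS_DEVICE.match(last):
        hits.append("dos-device")
    if JSP_SUFFIX.search(path):
        hits.append("source-disclosure")
    return hits


def scan(lines):
    """Return (client, path, hits) for each log line matching a pattern."""
    findings = []
    for line in lines:
        m = REQUEST.search(line)
        hits = classify(m.group(1)) if m else []
        if hits:
            findings.append((line.split(" ", 1)[0], m.group(1), hits))
    return findings


# Constructed sample access-log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Apr/2002:10:00:01 +0000] "GET /index.html HTTP/1.0" 200 512',
    '192.0.2.11 - - [29/Apr/2002:10:00:02 +0000] "GET /index.html%00.jsp HTTP/1.0" 500 2048',
    '192.0.2.11 - - [29/Apr/2002:10:00:03 +0000] "GET /aux.jsp HTTP/1.0" 200 0',
    '192.0.2.12 - - [29/Apr/2002:10:00:04 +0000] "GET /login.jsp%00x HTTP/1.0" 200 900',
    '192.0.2.12 - - [29/Apr/2002:10:00:05 +0000] "GET /login.jsp+. HTTP/1.0" 200 900',
    '192.0.2.13 - - [29/Apr/2002:10:00:06 +0000] "GET /console.jsp HTTP/1.0" 200 300',
]

if __name__ == "__main__":
    for client, path, hits in scan(SAMPLE_LOG):
        print(client, path, ",".join(hits))
```

The /console.jsp line is included to show that a legitimate file name that merely starts with a device name is not flagged.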
VENDOR RESPONSE
The vendor, BEA, has released a patch that resolves these vulnerabilities.
CREDIT
Discovered by Peter Gründl.
Multiple Vulnerabilities in BEA Weblogic