Multiple Vulnerabilities in BEA WebLogic

Reported April 29, 2002, by Peter Gründl.


  • BEA WebLogic 6.1 Service Pack 2 (SP2) for Windows 2000



Multiple vulnerabilities exist in BEA WebLogic 6.1 SP2 for Windows 2000. A problem with the URL parser in BEA WebLogic could let an attacker reveal the physical path to the Web root, cause a denial of service (DoS), or reveal the source code of .jsp files.


  • By appending %00.jsp to a normal .html request, an attacker can in some cases generate a compiler error that prints out the path to the physical Web root.

  • By requesting a DOS device and appending .jsp to the request, an attacker can exhaust working threads, which will cause the Web service to stop parsing HTTP and HTTP over Secure Sockets Layer (HTTPS) requests.

  • An attacker can use several methods to manipulate the URL in a way that will let the attacker read the contents of a .jsp file. For example, a malicious user can append "%00x" or "+." (exclamation marks excluded) to a request for a .jsp file and read the contents of the .jsp file.



The vendor, BEA, has released a patch that resolves these vulnerabilities.
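
To check whether a server has received requests of the three shapes described above, the access log can be scanned for them. The following is an added example, not part of the original advisory or of BEA's patch. It assumes a common-log-format access log; the rule names, the sample lines, and the list of reserved DOS device names are assumptions, since the advisory does not say which devices were tested.

```python
import re

# Standard Windows reserved DOS device names (assumption: the advisory
# does not list the devices it refers to).
DOS_DEVICES = r"(?:con|prn|aux|nul|com[1-9]|lpt[1-9])"

# Rules run against the raw, still percent-encoded request path.
RULES = [
    # "%00.jsp" appended to a normal .html request
    ("path-disclosure", re.compile(r"\.html%00\.jsp$", re.I)),
    # a DOS device name with ".jsp" appended
    ("dos-device-jsp", re.compile(r"(?:^|/)" + DOS_DEVICES + r"\.jsp$", re.I)),
    # "%00x" or "+." appended to a .jsp request
    ("jsp-source-disclosure", re.compile(r"\.jsp(?:%00x|\+\.)$", re.I)),
]

# Pulls the request target out of a common-log-format line.
REQUEST = re.compile(r'"(?:[A-Z]+) (\S+) HTTP/\d\.\d"')

def classify(target):
    """Return the names of the rules that the request target matches."""
    path = target.split("?", 1)[0]  # ignore the query string
    return [name for name, rx in RULES if rx.search(path)]

def scan(lines):
    """Yield (line_number, target, rule_names) for each suspicious line."""
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        hits = classify(m.group(1))
        if hits:
            yield n, m.group(1), hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Apr/2002:10:00:01 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.11 - - [29/Apr/2002:10:00:02 +0000] "GET /index.html%00.jsp HTTP/1.0" 500 812',
    '192.0.2.11 - - [29/Apr/2002:10:00:03 +0000] "GET /aux.jsp HTTP/1.0" 200 0',
    '192.0.2.11 - - [29/Apr/2002:10:00:04 +0000] "GET /login.jsp%00x HTTP/1.0" 200 2210',
    '192.0.2.11 - - [29/Apr/2002:10:00:05 +0000] "GET /login.jsp+. HTTP/1.0" 200 2210',
    '192.0.2.12 - - [29/Apr/2002:10:00:06 +0000] "GET /console.jsp?x=1 HTTP/1.0" 200 300',
]

if __name__ == "__main__":
    for n, target, hits in scan(SAMPLE_LOG):
        print(f"line {n}: {target} -> {', '.join(hits)}")
```

The rules match the raw request line on purpose: a log pipeline that percent-decodes targets before storage would need the patterns adjusted to the decoded form.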


Discovered by Peter Gründl.
