The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Weblogic_server | Bea | 3.1.8 | 3.1.8 |
Weblogic_server | Bea | 3.1.8 | 3.1.8 |
Weblogic_server | Bea | 4.0 | 4.0 |
Weblogic_server | Bea | 4.0 | 4.0 |
Weblogic_server | Bea | 4.5 | 4.5 |
Weblogic_server | Bea | 4.5 | 4.5 |
Weblogic_server | Bea | 5.1 | 5.1 |
Weblogic_server | Bea | 5.1 | 5.1 |