漏洞类别:Web server漏洞等级: 
漏洞信息
BEA Systems WebLogic Server is an Enterprise-level Web and wireless application server.
Some versions of BEA Systems Weblogic Server contain a vulnerability allowing unauthorized users to view the source of .jsp and .jhtml pages residing in the Web document root directory. This is possible because of an error in the weblogic.properties configuration, which appears when unauthorized users send a request prefixed with /*.shtml/.
漏洞危害
As a result, the SSIServlet (Server Side Include Servlet) is forced to display documents in unparsed (raw pre-compiled) formats.
解决方案
Refer to security advisory BEA02-03.03 to obtain additional information.
0day
文章评论