Vulnerability category: Web server
Vulnerability level:
Vulnerability information
BEA Systems WebLogic Server is an Enterprise-level Web and wireless application server.
If the letters of a JSP or JHTML file extension are changed from lower case to upper case in a URL, such as .jsp to .JSP, the server does not recognize the file extension and sends the file normally instead of processing it.
Impact
As a result of this vulnerability being exploited, unauthorized remote users can access the source code for those specific files.
Solution
As a workaround, you can add handlers for every possible spelling of the specific file extensions, including all upper and lower case combinations.
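The following is an added example, not code from BEA or from the original advisory: it audits a handler configuration for the workaround above and lists the case variants of `jsp` and `jhtml` that still lack a handler. The `weblogic.httpd.register.*.<ext>=<class>` key layout, the handler class names and the sample configuration are assumptions constructed for illustration.

```python
import itertools
import re

# Assumed layout of a handler registration line (not taken from the advisory).
REGISTER_RE = re.compile(r"^\s*weblogic\.httpd\.register\.\*\.(\w+)\s*=\s*(\S+)")

def case_variants(ext):
    """All upper/lower case spellings of an extension (jsp -> 8, jhtml -> 32)."""
    pools = [sorted({c.lower(), c.upper()}) for c in ext]
    return {"".join(p) for p in itertools.product(*pools)}

def parse_handlers(text):
    """Map each registered extension, in its exact spelling, to its handler class."""
    handlers = {}
    for line in text.splitlines():
        m = REGISTER_RE.match(line)  # comment lines starting with '#' never match
        if m:
            handlers[m.group(1)] = m.group(2)
    return handlers

def missing_registrations(text, extensions=("jsp", "jhtml")):
    """Return {variant: handler} for every case variant without a handler."""
    handlers = parse_handlers(text)
    by_lower = {}
    for ext, cls in handlers.items():
        by_lower.setdefault(ext.lower(), cls)
    missing = {}
    for ext in extensions:
        cls = by_lower.get(ext)
        if cls is None:
            continue  # extension has no handler at all, so nothing to mirror
        for variant in case_variants(ext):
            if variant not in handlers:
                missing[variant] = cls
    return missing

def render(missing):
    """Format the missing registrations as lines ready to append to the config."""
    return [f"weblogic.httpd.register.*.{v}={c}" for v, c in sorted(missing.items())]

# Constructed sample configuration: only three spellings are covered.
SAMPLE = """\
# constructed example
weblogic.httpd.register.*.jsp=weblogic.servlet.JSPServlet
weblogic.httpd.register.*.JSP=weblogic.servlet.JSPServlet
weblogic.httpd.register.*.jhtml=weblogic.servlet.jhtmlc.PageCompileServlet
"""

if __name__ == "__main__":
    print("\n".join(render(missing_registrations(SAMPLE))))
```

Mixed-case spellings such as `.JsP` count as well, so covering only the all-lower and all-upper forms leaves 37 of the 40 spellings in the sample unhandled.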
BEA Systems released a patch (caseSensitiveNTFix318.zip) for Version 3.1.8, which is available for download from the following FTP site:
ftp://ftpna.beasys.com/pub/releases/318/caseSensitiveNTFix318.zip