Vulnerability category: Web server
Vulnerability level:
Vulnerability information
BEA Systems WebLogic Server is an Enterprise-level Web and wireless application server.
An attacker can traverse the intended structure of the Web folders of a BEA Systems WebLogic Server by submitting a URL that contains a known directory name and appending specific ASCII characters to it. If the requested resource is present, its contents will be disclosed. The ASCII characters in question are %00, %2e, %2f and %5c.
Vulnerability impact
A malicious user could gain access to various files residing on the target outside the Web server's specified directory tree. Successful exploitation of this vulnerability could reveal sensitive information, which could then be used in further attacks against the host.
Solution
Refer to security advisory BEA02-03.03 to obtain additional information.
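A log check for the request pattern described above, added here as an example that is not part of the original advisory: it flags requests whose URL path ends in one or more of the four encoded characters. The Common Log Format layout, the function names and the sample lines are assumptions, constructed for illustration.

```python
import re

# Encoded characters named in the advisory text: NUL, '.', '/' and '\'.
SUSPECT = ("%00", "%2e", "%2f", "%5c")

# Request field of a Common Log Format line: "METHOD target PROTOCOL" (assumed layout)
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')

def trailing_suspects(target):
    """Return the run of suspect encodings at the end of the raw URL path."""
    # Only the path matters here; the query string is ignored.
    path = target.split("?", 1)[0].lower()
    found = []
    while path.endswith(SUSPECT):
        found.insert(0, path[-3:])
        path = path[:-3]
    return found

def scan(lines):
    """Yield (line_number, target, suspects) for requests matching the pattern."""
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a parseable request line
        hits = trailing_suspects(m.group("target"))
        if hits:
            yield n, m.group("target"), hits

# Constructed sample log lines (documentation IP range, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /images/%00 HTTP/1.0" 200 2048',
    '192.0.2.11 - - [01/Jan/2024:10:00:06 +0000] "GET /docs/%2E HTTP/1.0" 200 1024',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /search?q=a%2f HTTP/1.1" 200 300',
    '192.0.2.11 - - [01/Jan/2024:10:00:11 +0000] "GET /app/%5c%2f HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for n, target, hits in scan(SAMPLE_LOG):
        print(f"line {n}: {target} ends with {', '.join(hits)}")
```

A match is a lead for review rather than proof of disclosure; the response status and size on the same log line show whether content was actually returned.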