BugTraq
BEA WebLogic internal hostname disclosure Apr 02 2003 09:27AM
Michael Hendrickx (michael scanit be) (1 replies)
Hi,

During a penentration test, I discovered that the BEA Weblogic Server
reveals it hostname (on windows machines NetBIOS name) while sending the
following request:

GET . HTTP/1.0\r\n\r\n

On older systems (Weblogic 7.0), a simple "BLAH . BLAH\r\n\r\n" will do
the same trick. BEA was contacted about two weeks ago, but I haven't
heard from them (yet).

Regards,
Michael

--
Michael Hendrickx
Security Engineer
Scanit NV/SA
http://www.scanit.be

[ reply ]
Re: BEA WebLogic internal hostname disclosure Apr 03 2003 09:00AM
Kurt Seifried (kurt seifried org)


 

Privacy Statement
Copyright 2010, SecurityFocus