Weblogic SSIServlet Show Code Vulnerability

Solution:
The following information was made available by BEA Systems:

(1) Apply the "Show Code" vulnerability patch available from BEA Technical Support. This patch is available for:

Version:
The J-Engine in BEA WebLogic Enterprise 5.1.x
BEA WebLogic Server and Express 5.1.x
BEA WebLogic Server and Express 4.5.x

Action: Contact BEA Technical Support at support@bea.com for patch.

(2) Once the patch has been applied, review the weblogic.properties file and ensure that the following changes have been made:

weblogic.httpd.register.file=weblogic.servlet.FileServlet
weblogic.httpd.initArgs.file=defaultFilename=index.html
weblogic.httpd.defaultServlet=file

should be changed to:

weblogic.httpd.register.*.html=weblogic.servlet.FileServlet
weblogic.httpd.initArgs.*.html=defaultFilename=index.html
weblogic.httpd.defaultServlet=*.html

Future Service Packs for BEA WebLogic Server and Express will also contain the patch to address this vulnerability.



 

Copyright 2010, SecurityFocus