BEA Systems WebLogic Server Directory Traversal Vulnerability

An attacker can traverse the web folders of a BEA Systems WebLogic Server. Submitting a URL that names a known directory and has specific ASCII characters appended will disclose the contents of the requested resource. The ASCII characters in question are %00, %2e, %2f and %5c. This vulnerability could allow the reading of files residing on the target system.
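A detection sketch for the request pattern described above, added here as an example and not taken from the advisory or from BEA: it scans access-log lines for request paths that end in one of the four listed encodings. The Common Log Format layout, the function names and the sample log lines are assumptions made for illustration.

```python
import re

# Percent-encodings named in the advisory (NUL, '.', '/', '\').
SUSPECT = ("%00", "%2e", "%2f", "%5c")

# One or more suspect encodings at the very end of the path, any letter case.
TRAILING_RE = re.compile("((?:%s)+)$" % "|".join(SUSPECT), re.IGNORECASE)

# Assumed layout (Common Log Format): host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def trailing_encodings(target):
    """Return the suspect encodings that end the raw path, in order, lower-cased."""
    path = target.split("?", 1)[0]  # the advisory concerns the path, not the query
    m = TRAILING_RE.search(path)
    if not m:
        return []
    run = m.group(1).lower()
    return [run[i:i + 3] for i in range(0, len(run), 3)]  # each token is 3 chars


def scan(lines):
    """Return one finding per request whose path ends in a suspect encoding."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        hits = trailing_encodings(m.group("target"))
        if hits:
            findings.append({"line": n, "host": m.group("host"),
                             "target": m.group("target"),
                             "status": int(m.group("status")), "encodings": hits})
    return findings


# Constructed sample log lines (documentation addresses, made-up paths).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 512',
    '192.0.2.44 - - [01/Jan/2010:10:00:05 +0000] "GET /docs/%5c HTTP/1.0" 200 2048',
    '192.0.2.44 - - [01/Jan/2010:10:00:06 +0000] "GET /docs/%2E HTTP/1.0" 200 2048',
    '192.0.2.10 - - [01/Jan/2010:10:00:09 +0000] "GET /search?q=a%2fb HTTP/1.0" 200 300',
    '192.0.2.44 - - [01/Jan/2010:10:00:11 +0000] "GET /docs/%00 HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Findings with a 200 status deserve the first look, since the advisory describes a successful request as returning the contents of the resource.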


 

Copyright 2010, SecurityFocus