BEA Systems WebLogic Server and Express Source Code Disclosure Vulnerability

BEA Systems WebLogic Server and Express Source Code Disclosure Vulnerability

Within WebLogic Server and WebLogic Express there are four main java servlets registered to serve different kind of files. A default servlet exists if a requested file does not have an assigned servlet.

If an http request is made that includes "/file/", the server calls upon the default servlet which will cause the page to display the source code in the web browser.