BEA Systems WebLogic Server and Express Source Code Disclosure Vulnerability

Within WebLogic Server and WebLogic Express there are four main java servlets registered to serve different kind of files. A default servlet exists if a requested file does not have an assigned servlet.

If an http request is made that includes "/file/", the server calls upon the default servlet which will cause the page to display the source code in the web browser.


Privacy Statement
Copyright 2010, SecurityFocus