PT-2000-1438 · Bea · Bea Weblogic

Published

2000-06-21

Updated

2017-10-10

CVE-2000-0500

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions BEA WebLogic version 5.1.0

Description The default configuration of the software allows a remote attacker to view the source code of programs by requesting a URL beginning with "/file/", which causes the default servlet to display the file without further processing.

Recommendations For BEA WebLogic version 5.1.0, consider reconfiguring the default servlet to prevent it from displaying files without further processing, or restrict access to the "/file/" URL to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2000-0500

Affected Products

Bea Weblogic

PT-2000-1438 · Bea · Bea Weblogic

CVE-2000-0500

Related Identifiers

Affected Products

References · 7