JVN#81667751 Directory traversal vulnerability in WebLogic Server and WebLogic Express plug-ins

2008-07-18T00:00:00
ID JVN:81667751
Type jvn
Reporter Japan Vulnerability Notes
Modified 2008-07-18T00:00:00

## Description

WebLogic Server and WebLogic Express are application servers based on Java Platform Enterprise Edition 5 (JavaEE5) and provided by Oracle (formerly BEA Systems, Inc.). Plug-ins for Apache, Sun, and Microsoft IIS web servers which are included in WebLogic Server and WebLogic Express contain a directory traversal vulnerability.

## Impact

A remote attacker could, without authentication, view files on the server where either WebLogic Server or WebLogic Express is installed. This could lead to unintentional disclosure of file contents.

## Solution

Update the Software
Apply the latest update provided by the vendor.
For more information, refer to the vendor's website.

## Products Affected

The following plug-ins included in WebLogic Server and WebLogic Express before 2008 July 15:

  • Plug-in for Apache
  • Plug-in for NSAPI (Netscape Server Application Program Interface)
  • Plug-in for ISAPI (Internet Server Application Program Interface)

For more information, refer to the vendor's website.