WebLogic Server and WebLogic Express are application servers based on Java Platform Enterprise Edition 5 (JavaEE5) and provided by Oracle (formerly BEA Systems, Inc.). Plug-ins for Apache, Sun, and Microsoft IIS web servers which are included in WebLogic Server and WebLogic Express contain a directory traversal vulnerability.
A remote attacker could, without authentication, view files on the server where either WebLogic Server or WebLogic Express is installed. This could lead to unintentional disclosure of file contents.
Update the Software
Apply the latest update provided by the vendor.
For more information, refer to the vendor's website.
## Products Affected
Following plug-ins included in WebLogic Sever and WebLogic Express before 2008 July 15.