BEA WebLogic Meta-Character Directory Listing

2001-03-27T00:00:00
ID OSVDB:576
Type osvdb
Reporter OSVDB
Modified 2001-03-27T00:00:00

Description

Vulnerability Description

The WebLogic server contains a flaw which lists the contents of directories if certain strings are appended to requests. This could allow sensitive information to be disclosed to attackers.

Technical Description

Requesting a directory with %00/, %2e/, %2f/ or %5c/ appended to the end causes the WebLogic server to list the directory contents.

Solution Description

To fix this vulnerability, upgrade to WebLogic Server 6.0 SP 1 or higher. If unable to upgrade, as a workaround, for each deployed application uncheck "Index Directories" in the console under "Configuration/Files".

Short Description

The WebLogic server contains a flaw which lists the contents of directories if certain strings are appended to requests. This could allow sensitive information to be disclosed to attackers.

Manual Testing Notes

Perform a GET request and append each string to the end of the URL to see if a directory listing is returned: http://server/%00/ http://server/%2e/ http://server/%2f/ http://server/%5c/

References:

Vendor Specific Solution URL: http://commerce.beasys.com/showallversions.jsp?family=WLS Vendor Specific Advisory URL Nessus Plugin ID:10698 ISS X-Force ID: 6283 Generic Informational URL: http://www.securityfocus.com/advisories/3182 Bugtraq ID: 2513