BEA WebLogic HTTP Header Version Information Disclosure

2004-09-13T00:00:00
ID OSVDB:9975
Type osvdb
Reporter BEA Systems()
Modified 2004-09-13T00:00:00

Description

Vulnerability Description

WebLogic Server and WebLogic Express contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker sends an HTTP request occurs, which will disclose the server version resulting in a loss of confidentiality.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, BEA Systems has released a patch to address this vulnerability.

Short Description

WebLogic Server and WebLogic Express contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker sends an HTTP request occurs, which will disclose the server version resulting in a loss of confidentiality.

References:

Vendor URL: http://www.bea.com/ Vendor Specific Advisory URL Secunia Advisory ID:12524 Related OSVDB ID: 9974 Related OSVDB ID: 9978 Related OSVDB ID: 9972 Related OSVDB ID: 9973 Related OSVDB ID: 9976 Related OSVDB ID: 9977 Keyword: BEA04-70.00