Описание
The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing.
Ссылки
- ExploitPatchVendor Advisory
- ExploitPatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:bea:weblogic_server:3.1.8:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:3.1.8:*:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:4.0:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:4.0:*:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:4.5:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:4.5:*:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:5.1:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:5.1:*:express:*:*:*:*:*
EPSS
Процентиль: 91%
0.06536
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing.
EPSS
Процентиль: 91%
0.06536
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other