vulnerability of BEA WebLogic Hex Encoded Request JSP Source Disclosure (10715)
-
Synopsis
The remote web server is affected by an information disclosure vulnerability.
Description
The version of BEA WebLogic installed on the remote host may be tricked into revealing the source code of JSP scripts by using simple URL encoding of characters in the filename extension.
Solution
Use the official patch available at http://www.bea.com/ to upgrade to WebLogic version 5.1.0 SP 8 or later.
Thank you for your help.
WP.com: Yes
Correct account: Yes
The blog I need help with is: (visible only to logged in users)
-
@globalrelayoperations, could you clarify what site you need help with? Also, where are you getting this error?
-
Websites are: globalrelayggp.org and grbridgethegap.com
This vulnerability was found by using a Nessus scanner.
-
Thanks. Both of these sites get direct support from the team that manages sites with outside plugins and whatnot. Can you log in as the site owner and open a chat here?
https://wordpress.com/help/contact
We’ll also share this with our security folks.
-
Just to follow up on this, our security team let us know the server doesn’t use BEA WebLogic, so it would seem this is a false positive.
Cheers!