BEA Systems WebLogic Express 3.1.8/4/5 - Source Code Disclosure
Author: Foundstone Inc.
type: remote
platform: multiple
port:
date_added: 2000-06-21
date_updated: 2012-07-22
verified: 1
codes: CVE-2000-0500;OSVDB-1414
tags:
aliases:
screenshot_url:
application_url:
source: https://www.securityfocus.com/bid/1378/info
Within WebLogic Server and WebLogic Express, four main Java servlets are registered to serve different kinds of files. A default servlet handles any requested file that does not have an assigned servlet.
If an HTTP request is made that includes "/file/", the server calls upon the default servlet, which causes the source code of the page to be displayed in the web browser.
http://target/file/filename
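
An added detection example, not part of the original advisory: it scans web server access logs for requests whose path contains "/file/" and reports whether content was actually returned. The Common Log Format layout, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumed log layout (Common Log Format):
# host ident user [time] "METHOD path PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) (\S+)')

def normalize(path):
    """Drop the query string, percent-decode, collapse slashes, lowercase."""
    path = path.split("?", 1)[0]
    for _ in range(3):  # bounded: handles nested encoding without looping forever
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return re.sub(r"/+", "/", path.replace("\\", "/")).lower()

def find_file_prefix_requests(lines, marker="/file/"):
    """Return one record per request whose normalized path contains marker."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, method, raw_path, status, size = m.groups()
        if marker in normalize(raw_path):
            hits.append({
                "client": client,
                "method": method,
                "path": raw_path,
                # 200 with a body means content was actually returned
                "served": status == "200" and size not in ("-", "0"),
            })
    return hits

# Constructed sample log lines (documentation addresses, invented paths)
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Jun/2000:10:00:01 +0000] "GET /index.jsp HTTP/1.0" 200 5120',
    '192.0.2.10 - - [21/Jun/2000:10:00:05 +0000] "GET /profile/view.jsp HTTP/1.0" 200 3300',
    '198.51.100.7 - - [21/Jun/2000:10:02:11 +0000] "GET /file/login.jsp HTTP/1.0" 200 2048',
    '198.51.100.7 - - [21/Jun/2000:10:02:15 +0000] "GET /File//admin.jsp?x=1 HTTP/1.0" 404 -',
]

if __name__ == "__main__":
    for hit in find_file_prefix_requests(SAMPLE_LOG):
        print(hit)
```

Records with "served" set to true are the ones to review first, since the server answered with a body; "/profile/" does not match because the marker requires a slash directly before "file".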