The default configuration of BEA WebLogic 3.1.8 through 4...
Moderate severity
Unreviewed
Published
Apr 30, 2022
to the GitHub Advisory Database
•
Updated Jan 26, 2024
Description
Published by the National Vulnerability Database
Jun 8, 2000
Published to the GitHub Advisory Database
Apr 30, 2022
Last updated
Jan 26, 2024
The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.
References