File: 2139.txt

Rule:

--
Sid: 2139


--
Summary:
This event is generated when an attempt is made to exploit a vulnerability in BEA Systems WebLogic server.

--
Impact:
Information gathering, source code disclosure.

--
Detailed Information:
This event indicates that an attempt has been made to exploit a vulnerability in BEA Systems WebLogic server.

A weakness in the configuration of the WebLogic server from BEA Systems allows an attacker to view the source code of .jsp and .jhtml pages that reside in the root directory of the webserver. A request for these documents prefixed with /*.shtml/ will exploit a vulnerability in the handling of Server Side Include Servlet (SSIServlet) such that the webserver will return the documents unparsed, rendering the source code viewable.
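The following is an added example, not part of the Snort rule documentation or the Sourcefire rule itself: a small Python scanner that flags the /*.shtml/ prefix form described above in web server access logs (Common Log Format), so that historical logs can be triaged for the same activity the rule detects on the wire. The log lines embedded in it are constructed for illustration. A hit with a 200 response is the one to investigate first, since it suggests the server returned the page unparsed; a 404 shows the request was attempted but not served.

```python
"""Flag WebLogic SSIServlet source-disclosure requests (/*.shtml/ prefix)
in Common Log Format access logs.  Added example; log lines are constructed."""
import re
from urllib.parse import unquote

# Request paths that start with /*.shtml/ and name a .jsp or .jhtml page,
# optionally followed by a query string or path parameters.
SSI_PATTERN = re.compile(r"^/\*\.shtml/.*\.(?:jsp|jhtml)(?:[?;].*)?$", re.IGNORECASE)

# Common Log Format: client ident user [time] "METHOD path HTTP/x.y" status bytes
CLF_LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]*\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def is_ssi_source_disclosure(path):
    """True if the request path uses the /*.shtml/ prefix documented above."""
    # Decode percent-encoding once so a request written as /%2A.shtml/ is also caught.
    decoded = unquote(path)
    return SSI_PATTERN.match(decoded) is not None


def scan_access_log(lines):
    """Return (client, raw_path, status) for every matching request line."""
    hits = []
    for line in lines:
        m = CLF_LINE.match(line)
        if not m:
            continue  # not a CLF line; skip rather than guess
        if is_ssi_source_disclosure(m.group("path")):
            hits.append((m.group("client"), m.group("path"), int(m.group("status"))))
    return hits


def likely_successful(hits):
    """Keep only hits the server answered with 200, i.e. content was returned."""
    return [h for h in hits if h[2] == 200]


# Constructed sample log: one benign .jsp request, two prefix requests that
# were served (200), one that was not (404), and an ordinary .shtml page.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2009:12:00:00 +0000] "GET /index.jsp HTTP/1.0" 200 512',
    '10.0.0.5 - - [01/Jan/2009:12:00:01 +0000] "GET /*.shtml/login.jsp HTTP/1.0" 200 2048',
    '192.0.2.7 - - [01/Jan/2009:12:00:02 +0000] "GET /%2A.shtml/admin/config.jhtml HTTP/1.1" 200 4096',
    '192.0.2.7 - - [01/Jan/2009:12:00:03 +0000] "GET /*.shtml/missing.jsp HTTP/1.1" 404 210',
    '198.51.100.2 - - [01/Jan/2009:12:00:04 +0000] "GET /docs/page.shtml HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, path, status in scan_access_log(SAMPLE_LOG):
        print(f"{client} requested {path} -> HTTP {status}")
```

Running the block on the constructed log reports three prefix requests, two of which were answered with 200; those two are the ones a responder would check against the affected-version list below.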

--
Affected Systems:
BEA Systems WebLogic Enterprise 5.1 and 5.1.x

--
Attack Scenarios:
An attacker can retrieve the source code of a .jsp file by making a web request in the form: http://www.foo.com/*.shtml/target.jsp.

--
Ease of Attack:
Simple. No exploit software required.

--
False Positives:
None Known.

--
False Negatives:
None Known.

--
Corrective Action:
Apply the appropriate vendor supplied patches

Upgrade to the latest non-affected version of the software

--
Contributors:
Sourcefire Research Team
Brian Caswell <bmc@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>

--
Additional References:


--