BEA WebLogic Server Internal Hostname Disclosure
Date: 2003-04-04

Author : Michael Hendrickx <michael@scanit.be>

Hi,


During a penetration test, I discovered that the BEA WebLogic Server
reveals its hostname (on Windows machines, the NetBIOS name) while sending the
following request:


GET . HTTP/1.0\r\n\r\n


On older systems (WebLogic 7.0), a simple "BLAH . BLAH\r\n\r\n" will do
the same trick. BEA was contacted about two weeks ago, but I haven't
heard from them (yet).


Regards,
Michael

--
Michael Hendrickx
Security Engineer
Scanit NV/SA
http://www.scanit.be
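
A defensive log check for the two request shapes quoted in the advisory, as an added example that is not part of the original post: it flags access-log entries whose request line is not a well-formed HTTP request line. The Common Log Format input, the function names and the sample lines (including their status codes) are assumptions constructed for illustration; whether the server or a fronting proxy records such requests depends on the deployment.

```python
import re

# Common Log Format: host ident user [time] "request line" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "([^"]*)" (\d{3}) \S+')
VERSION = re.compile(r'^HTTP/\d\.\d$')
ABSOLUTE = re.compile(r'^[A-Za-z][A-Za-z0-9+.-]*://')
AUTHORITY = re.compile(r'^[^/\s:]+:\d+$')

def target_is_valid(method, target):
    """True if target matches one of the four RFC 7230 request-target forms."""
    if target.startswith('/'):
        return True                                  # origin-form
    if ABSOLUTE.match(target):
        return True                                  # absolute-form (proxies)
    if method == 'CONNECT' and AUTHORITY.match(target):
        return True                                  # authority-form
    return method == 'OPTIONS' and target == '*'     # asterisk-form

def suspicious_requests(lines):
    """Return (client, request_line, reasons) for malformed request lines."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue                                 # not a CLF entry, skip
        client, request, _status = m.groups()
        parts = request.split(' ')
        reasons = []
        if len(parts) != 3:
            reasons.append('not three fields')
        else:
            method, target, version = parts
            if not target_is_valid(method, target):
                reasons.append('bad request-target')
            if not VERSION.match(version):
                reasons.append('bad version')
        if reasons:
            hits.append((client, request, reasons))
    return hits

# Constructed sample log lines (not taken from a real server).
SAMPLE = [
    '192.0.2.10 - - [04/Apr/2003:10:00:00 +0000] "GET /index.jsp HTTP/1.0" 200 512',
    '192.0.2.77 - - [04/Apr/2003:10:00:05 +0000] "GET . HTTP/1.0" 400 0',
    '192.0.2.77 - - [04/Apr/2003:10:00:09 +0000] "BLAH . BLAH" 400 0',
    '192.0.2.10 - - [04/Apr/2003:10:00:12 +0000] "OPTIONS * HTTP/1.1" 200 0',
]
```

Calling `suspicious_requests(SAMPLE)` returns the two entries from 192.0.2.77 and leaves the ordinary `GET /index.jsp` and `OPTIONS *` requests alone.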



 
