Security: BEA WebLogic GET Hostname Disclosure = http://www.google.com.tr/?gfe_rd=cr&dcr=0&ei=ChqxWq_iCeuAX6-jsegC
Reported by mustafab...@gmail.com, Feb 28 2018
Issue description

ID OSVDB:5737
Type osvdb

Vulnerability Description
BEA WebLogic Server contains a flaw that may lead to an unauthorized information disclosure. With a specially crafted HTTP GET request, a remote attacker can cause the server to disclose hostname information resulting in a loss of confidentiality.

Solution Description
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Filter requests that start with a “.” in a proxy or firewall with URL filtering capabilities.

Short Description
BEA WebLogic Server contains a flaw that may lead to an unauthorized information disclosure. With a specially crafted HTTP GET request, a remote attacker can cause the server to disclose hostname information resulting in a loss of confidentiality.

Manual Testing Notes
telnet [victim] 80
GET . HTTP/1.0\r\n\r\n

Reference: https://www.oracle.com/corporate/acquisitions/bea/index.html
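The workaround in the report above (filter requests that start with a "."), as an added example that is not part of the original report or of any vendor code: a Python check that a filtering proxy or an access-log review could apply to raw request lines. It goes beyond the single "." case by also rejecting any request-target that is not one of the RFC 7230 forms; the function names and the sample log entries are constructed for illustration.

```python
import re

# method SP request-target SP HTTP-version (RFC 7230, section 3.1.1)
REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) HTTP/\d\.\d$")
# Common Log Format: client, ident, user, [time], "request line", status
LOG_ENTRY = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "([^"]*)" (\d{3})')

def classify_request_line(line):
    """Return 'allow' or a 'block: <reason>' verdict for one request line."""
    m = REQUEST_LINE.match(line.rstrip("\r\n"))
    if not m:
        return "block: malformed request line"
    method, target = m.groups()
    if target.startswith("."):
        return "block: target starts with '.'"   # workaround from the report
    if target.startswith("/"):
        return "allow"                            # origin-form
    if re.match(r"^https?://", target, re.IGNORECASE):
        return "allow"                            # absolute-form
    if method == "OPTIONS" and target == "*":
        return "allow"                            # asterisk-form
    if method == "CONNECT" and re.match(r"^[^/\s:]+:\d+$", target):
        return "allow"                            # authority-form
    return "block: request-target is not a valid form"

def flag_log(lines):
    """Return (client, request_line, verdict) for every entry that would be blocked."""
    flagged = []
    for entry in lines:
        m = LOG_ENTRY.match(entry)
        if not m:
            continue  # not a Common Log Format line
        client, request, _status = m.groups()
        verdict = classify_request_line(request)
        if verdict != "allow":
            flagged.append((client, request, verdict))
    return flagged

# Constructed sample entries (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Feb/2018:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [28/Feb/2018:10:00:02 +0000] "GET . HTTP/1.0" 302 0',
    '192.0.2.11 - - [28/Feb/2018:10:00:03 +0000] "OPTIONS * HTTP/1.1" 200 0',
    '198.51.100.7 - - [28/Feb/2018:10:00:04 +0000] "GET index.html HTTP/1.0" 400 0',
]

if __name__ == "__main__":
    for client, request, verdict in flag_log(SAMPLE_LOG):
        print(client, repr(request), verdict)
```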
Jun 7 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by elawrence@chromium.org, Feb 28 2018