[29608] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

BEA WebLogic internal hostname disclosure

daemon@ATHENA.MIT.EDU (Michael Hendrickx)
Wed Apr 2 17:14:44 2003

Message-ID: <3E8AACEE.5080205@scanit.be>
Date: Wed, 02 Apr 2003 11:27:10 +0200
From: Michael Hendrickx <michael@scanit.be>
MIME-Version: 1.0
To: bugtraq@securityfocus.com
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Hi,

During a penentration test, I discovered that the BEA Weblogic Server 
reveals it hostname (on windows machines NetBIOS name) while sending the 
following request:

GET . HTTP/1.0\r\n\r\n

On older systems (Weblogic 7.0), a simple "BLAH . BLAH\r\n\r\n" will do 
the same trick.  BEA was contacted about two weeks ago, but I haven't 
heard from them (yet).

Regards,
Michael

-- 
Michael Hendrickx
Security Engineer
Scanit NV/SA
http://www.scanit.be


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[29608] in bugtraq

BEA WebLogic internal hostname disclosure

daemon@ATHENA.MIT.EDU (Michael Hendrickx)Wed Apr 2 17:14:44 2003

daemon@ATHENA.MIT.EDU (Michael Hendrickx)
Wed Apr 2 17:14:44 2003