Hi, During a penentration test, I discovered that the BEA Weblogic Server reveals it hostname (on windows machines NetBIOS name) while sending the following request: GET . HTTP/1.0\r\n\r\n On older systems (Weblogic 7.0), a simple "BLAH . BLAH\r\n\r\n" will do the same trick. BEA was contacted about two weeks ago, but I haven't heard from them (yet). Regards, Michael -- Michael Hendrickx Security Engineer Scanit NV/SA http://www.scanit.be
This archive was generated by hypermail 2b30 : Wed Apr 02 2003 - 14:14:26 PST