BEA WebLogic internal hostname disclosure

From: Michael Hendrickx (michaelat_private)
Date: Wed Apr 02 2003 - 01:27:10 PST


    Hi,
    
    During a penetration test, I discovered that the BEA WebLogic Server 
    reveals its hostname (on Windows machines, the NetBIOS name) while sending the 
    following request:
    
    GET . HTTP/1.0\r\n\r\n
    
    On older systems (WebLogic 7.0), a simple "BLAH . BLAH\r\n\r\n" will do 
    the same trick.  BEA was contacted about two weeks ago, but I haven't 
    heard from them (yet).
    
    Regards,
    Michael
    
    -- 
    Michael Hendrickx
    Security Engineer
    Scanit NV/SA
    http://www.scanit.be
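
A defensive check for the two request shapes quoted in the message above, as an added example that is not part of the original post: it validates logged request lines against the HTTP request-line grammar (method, request-target, HTTP-version) and reports why a line is anomalous. The function names and sample lines are constructed for illustration, and it assumes a front-end proxy or capture that records the raw request line.

```python
import re

# Request-line grammar: method SP request-target SP HTTP-version
VERSION = re.compile(r"^HTTP/\d\.\d$")
KNOWN_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE",
                 "OPTIONS", "TRACE", "CONNECT", "PATCH"}

def target_form_ok(method, target):
    """True if the request-target is one of the four forms HTTP defines."""
    if target.startswith("/"):
        return True                                   # origin-form
    if re.match(r"^[A-Za-z][A-Za-z0-9+.\-]*://", target):
        return True                                   # absolute-form
    if target == "*":
        return method == "OPTIONS"                    # asterisk-form
    if method == "CONNECT":
        return re.match(r"^[^/\s:]+:\d+$", target) is not None  # authority-form
    return False

def check_request_line(line):
    """Return the reasons a request line is anomalous (empty list = clean)."""
    parts = line.rstrip("\r\n").split(" ")
    if len(parts) != 3:
        return ["not three space-separated fields"]
    method, target, version = parts
    reasons = []
    if method not in KNOWN_METHODS:
        reasons.append("unknown method")
    if not target_form_ok(method, target):
        reasons.append("invalid request-target")
    if not VERSION.match(version):
        reasons.append("invalid HTTP-version")
    return reasons

# Constructed sample request lines, as a front-end proxy might log them.
SAMPLES = [
    "GET /index.jsp HTTP/1.1",
    "OPTIONS * HTTP/1.1",
    "GET . HTTP/1.0",     # request shape quoted in the message
    "BLAH . BLAH",        # older-system variant quoted in the message
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:32} -> {check_request_line(s) or 'ok'}")
```

Rejecting or alerting on any line with a non-empty result at the proxy keeps such requests from reaching the application server.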
    


