BEA WebLogic May Disclose Internal Hostname to Remote Users
|
|
SecurityTracker Alert ID: 1006448 |
|
SecurityTracker URL: http://securitytracker.com/id/1006448
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
|
Date: Apr 2 2003
|
Impact:
Disclosure of system information
|
Exploit Included: Yes
|
|
Description:
An information disclosure vulnerability was reported in BEA's WebLogic server. A remote user can determine the target server's internal hostname.
It is reported that a remote user can send the following request to the server to determine the server's internal hostname:
GET . HTTP/1.0\r\n\r\n
On Windows-based systems, the name returned is the NetBIOS name.
The vendor has reportedly been notified.
|
Impact:
A remote user can determine the server's internal host name.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: www.bea.com/
|
Cause:
Access control error
|
Underlying OS:
Linux (Red Hat Linux), Linux (SuSE), OpenVMS, OS/400, UNIX (AIX), UNIX (HP/UX), UNIX (Open UNIX-SCO), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (NT), Windows (2000), Windows (XP)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 02 Apr 2003 11:27:10 +0200
Subject: BEA WebLogic internal hostname disclosure
|
Hi,
During a penetration test, I discovered that the BEA WebLogic Server
reveals its hostname (on Windows machines, the NetBIOS name) while sending the
following request:
GET . HTTP/1.0\r\n\r\n
On older systems (WebLogic 7.0), a simple "BLAH . BLAH\r\n\r\n" will do
the same trick. BEA was contacted about two weeks ago, but I haven't
heard from them (yet).
Regards,
Michael
--
Michael Hendrickx
Security Engineer
Scanit NV/SA
http://www.scanit.be
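
With no fix available at the time of the entry, one defensive measure is to flag the two malformed request lines described above ("GET ." and "BLAH . BLAH") in front-end access logs. The following is an added example, not part of the advisory or the original message; it assumes a proxy or web server in front of WebLogic that logs in Common Log Format, and the sample lines, addresses, status codes and function names are constructed.

```python
import re

CLF_REQUEST = re.compile(r'"([^"]*)"')  # quoted request field of a CLF entry
KNOWN_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE", "CONNECT"}
HTTP_VERSION = re.compile(r"HTTP/\d\.\d")
ABSOLUTE_URI = re.compile(r"[A-Za-z][A-Za-z0-9+.-]*://")


def check_request_line(request_line):
    """Return the reasons a request line is malformed (empty list if well formed)."""
    parts = request_line.split(" ")
    if len(parts) != 3:
        return ["not three space-separated fields"]
    method, target, version = parts
    reasons = []
    if method not in KNOWN_METHODS:
        reasons.append("unknown method %r" % method)
    if not HTTP_VERSION.fullmatch(version):
        reasons.append("bad version %r" % version)
    # Valid targets: /path, scheme://..., "*" (OPTIONS), host:port (CONNECT).
    if not (target.startswith("/") or ABSOLUTE_URI.match(target)
            or (target == "*" and method == "OPTIONS")
            or (method == "CONNECT" and ":" in target)):
        reasons.append("invalid request-target %r" % target)
    return reasons


def scan_log(lines):
    """Return (client_ip, request_line, reasons) for each malformed entry."""
    hits = []
    for line in lines:
        m = CLF_REQUEST.search(line)
        reasons = check_request_line(m.group(1)) if m else []
        if reasons:
            hits.append((line.split(" ", 1)[0], m.group(1), reasons))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Apr/2003:11:20:01 +0200] "GET /index.jsp HTTP/1.0" 200 5120',
    '192.0.2.44 - - [02/Apr/2003:11:21:13 +0200] "GET . HTTP/1.0" 400 312',
    '192.0.2.44 - - [02/Apr/2003:11:21:15 +0200] "BLAH . BLAH" 400 312',
    '192.0.2.10 - - [02/Apr/2003:11:22:40 +0200] "OPTIONS * HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for ip, req, reasons in scan_log(SAMPLE_LOG):
        print(ip, repr(req), "; ".join(reasons))
```

The same request-line check can be applied as a reject rule at a reverse proxy, so that a bare "." target never reaches the application server.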
|
|