Bugtraqid1328classDesignErrorcveCVE-2000-0499remoteYeslocalYespublishedJune08, 2000updatedNovember10, 2000vulnerableBEASystemsWeblogic4. 5.1 bugtraq id 1328
Class Design Error
Cve CVE-2000-0499
Remote Yes
Local Yes
Pubhed June 08,200 0
Updated November 10,200 0
Vulnerable BEA Systems Weblogic 4.5.1
-Microsoft Windows NT 4.0
BEA Systems Weblogic 4.0.4
-Microsoft Windows NT 4.0
BEA Systems Weblogic 3.1.8
-Microsoft Windows NT 4.0
IBM Websphere Application Server 3.0.21
-Sun Solaris 8.0
-Microsoft Windows NT 4.0
-Linux kernel 2.3.x
-Ibm aix 4.3
Unify eWave ServletExec 3.0
-Sun Solaris 8.0
-Microsoft Windows 98
-Microsoft Windows NT 4.0
-Microsoft Windows NT 2000
-Linux kernel 2.3.x
-Ibm aix 4.3.2
-HP HP-UX 11.4
When webservers are case-sensitive, but do not have all possible combinations of cases in mapped extensions mapped properly.
By changing the letters in a JSP or a JHTML file extension from lower case to upper case (eg :. jsp or. jhtml becomes. JSP or. JHTML) in a URL the server does not recognize the file extension and sends the file normally. in that manner, a user is able to access the source code to those specific files.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.