There are two security problems in the BEA WebLogic line of web servers.
CVE 2000-0682
CVE 2000-0683
The first vulnerability could allow a remote attacker to
view the source code of any file within the web document
tree. Depending upon the configuration, it is possible
to exploit this vulnerability using the File Servlet
or the Server Side Include Servlet. If the example
weblogic.properties file is used, these
servlets can be accessed through the ConsoleHelp alias
and the virtual name *.shtml, respectively. Source code from some scripts could include sensitive
information such as passwords or directory paths which could
be used in a subsequent attack against the server.
BEA WebLogic Enterprise 5.1.x and BEA WebLogic Server and Express 4.5.x and 5.1.x are vulnerable in certain configurations, including the configuration resulting from the example weblogic.properties file.
CVE 2000-0684
CVE 2000-0685
The second vulnerability could allow a misconfigured or
malicious application to write files to the web document
root. Executable code could be inserted into JSP or
jHTML pages and would be executed the next time the
page was retrieved by a client. BEA WebLogic Enterprise
5.1.x, and all versions of WebLogic Server and Express
are vulnerable.
Alternatively, apply the Show Code patch. Contact support@bea.com to obtain the patch. After the patch has been applied, make sure the following changes have taken place in weblogic.properties:
weblogic.httpd.register.file=weblogic.servlet.FileServlet
weblogic.httpd.initArgs.file=defaultFilename=index.html
weblogic.httpd.defaultServlet=file
should be changed to:
weblogic.httpd.register.*.html=weblogic.servlet.FileServlet
weblogic.httpd.initArgs.*.html=defaultFilename=index.html
weblogic.httpd.defaultServlet=*.html
The resolution for the second vulnerability is to use proper access controls on the web document root, and to remove any unnecessary applications. See BEA Security Advisory 00-04.00 for specific fix information.
For more information on the second vulnerability, see BEA Security Advisory 00-04.00.