Summary: Server vulnerabilities are where most security problems begin, and an attack on a website usually starts with the attacker looking for weaknesses in the server. Only by knowing your own vulnerabilities can you, as a site administrator, take the corresponding countermeasures against external attacks. The following are common vulnerabilities in web servers and JSP servlet engines.
What is the Apache mod_rewrite arbitrary file disclosure vulnerability?
Apache 1.2 and later ship with the mod_rewrite module, which can map a URL pattern to an absolute path on the web server's file system. If a RewriteRule substitutes text captured from the request into such an absolute path, an attacker can craft a matching URL that makes the substituted path point at any file on the host, and read it.
The following rewrite rules illustrate the problem (only the first is vulnerable: it substitutes the captured text into an absolute filesystem path, while the other two rewrite to URL paths):
RewriteRule /test/(.*) /usr/local/data/test-stuff/$1
RewriteRule /more-icons/(.*) /icons/$1
RewriteRule /go/(.*) /$1
Affected systems:
1) Apache 1.3.12
2) Apache 1.3.11 win32
3) Apache 1.
Unaffected system: Apache 1.3.13
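To make the rule above concrete, here is an added simulation (not Apache's mod_rewrite code) of the substitution step: the captured text from the request is copied into the absolute filesystem path, and a request containing "../" lands outside the intended directory. The rule set, the base directory and the request paths are constructed for the example; the "hardened" rule is an assumed variant whose capture cannot contain "/" or begin with ".".

```python
"""Simulation of how a RewriteRule that copies captured request text into an
absolute filesystem path can be steered outside the intended directory.
Added example: this is not Apache's mod_rewrite code, only an emulation of the
substitution step; the rule set and request paths below are constructed."""
import posixpath
import re

BASE_DIR = "/usr/local/data/test-stuff"

# The first rule mirrors the vulnerable directive on this page.  The second is
# an assumed hardened variant: the capture may not contain '/' and may not
# begin with '.', so neither "../" nor dot-files can be substituted into $1.
RULES = {
    "vulnerable": (r"^/test/(.*)$", BASE_DIR + "/$1"),
    "hardened": (r"^/test/([^/.][^/]*)$", BASE_DIR + "/$1"),
}


def apply_rule(pattern, substitution, request_path):
    """Apply one RewriteRule; return the substituted target or None if no match."""
    match = re.match(pattern, request_path)
    if match is None:
        return None
    # mod_rewrite back-references are written $1 .. $9
    return re.sub(r"\$(\d)", lambda m: match.group(int(m.group(1))), substitution)


def stays_inside(target, base_dir):
    """True when the normalised target is base_dir itself or below it."""
    norm = posixpath.normpath(target)
    base = posixpath.normpath(base_dir)
    return norm == base or norm.startswith(base + "/")


def evaluate(rule_name, request_path):
    """Run a request through the named rule and report where it would land."""
    pattern, substitution = RULES[rule_name]
    target = apply_rule(pattern, substitution, request_path)
    if target is None:
        return {"matched": False, "target": None, "escapes": False}
    return {
        "matched": True,
        "target": posixpath.normpath(target),
        "escapes": not stays_inside(target, BASE_DIR),
    }


if __name__ == "__main__":
    for rule in RULES:
        for req in ("/test/readme.txt", "/test/../../../../etc/passwd"):
            print(rule, req, evaluate(rule, req))
```

The simulation models only the substitution the page describes: with the vulnerable rule, four "../" segments climb from test-stuff to the root and the target becomes /etc/passwd; the hardened pattern simply fails to match such a request, so nothing is rewritten. A capture that must allow subdirectories needs a separate check that the normalised target still starts with the base directory, which is what stays_inside() does.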
How do I fix the ServletExec problem where special characters appended to an HTTP request expose JSP source code?
Unify eWave ServletExec is a Java servlet/JSP engine that plugs into web servers such as Microsoft IIS, Apache and Netscape Enterprise Server.
When one of the following characters (or its percent-encoded form) is appended to the URL of a JSP page, ServletExec fails to recognise the request as a JSP and returns the page's source code instead of executing it:
.
%2E
+
%2B
\
%5C
%20
%00
A successful exploit leaks the source code of the targeted JSP file. Any of the following request forms returns the source of the JSP instead of its output:
1)http://target/directory/jsp/.
2)http://target/directory/jsp/%2E
3)http://target/directory/jsp/+
4)http://target/directory/jsp/%2B
5)http://target/directory/jsp/\
6)http://target/directory/jsp/%5C
7)http://target/directory/jsp/%20
8)http://target/directory/jsp/%00
Affected systems (ServletExec 3.0c on the platforms listed):
1) Unify eWave ServletExec 3.0c
2) Sun Solaris 8.0
3) Microsoft Windows 98
4) Microsoft Windows NT 4.0
5) Microsoft Windows NT 2000
6) Linux kernel 2.
7) IBM AIX 4.3.2
8) HP HP-UX 11.4
Solution:
If the application serves no static pages or images, configure a default servlet and map "/" to it. Any URL that is not mapped to another servlet is then handled by the default servlet, which can simply respond "file not found". If static pages or images are served, the same configuration can be used, but the default servlet must then serve the legitimate static content itself.
Alternatively, map the patterns *.jsp+, *.jsp., *.jsp\ and so on to a servlet that only returns "file not found". For the encoded forms *.jsp%00 and *.jsp%20 the mapping must be entered in decoded form: for *.jsp%20, enter "*.jsp" followed by a literal space character, since %20 decodes to a space.
What are the vulnerabilities in Tomcat?
Tomcat 3.1 exposes the web root path
Tomcat 3.1, developed under the Apache umbrella, implements JSP 1.1 and Servlets 2.2. It has an information disclosure issue: a request for a non-existent JSP returns an error page containing the full filesystem path of the web application.
For example:
:8080/
The response shows:
Error: 404
Location: /
JSP file "/appsrv2/jakarta-tomcat/webapps/ROOT/" not found
Solution: upgrade to a newer version.
Tomcat exposes JSP file content
JSP files are registered in Tomcat under the '.jsp' extension, and the mapping is case-sensitive: '.jsp' and '.JSP' are different extensions. If a link ending in '.JSP' is submitted, Tomcat finds no servlet mapping for it and serves the request as a plain file of the default (text) type. Because file names are case-insensitive on Windows NT, the underlying .jsp file is found and its source is sent as text.
On a UNIX server, where file names are case-sensitive, the request simply yields "file not found".
How to protect JSP source in Tomcat under Windows
Some Tomcat versions leak source code this way: if the file extension is changed to upper case when the JSP page is requested in the browser, the complete source of the JSP is sent to the browser (the window may look empty; view the HTML source to see it). Does this mean the site's source code is exposed to the Internet?
It need not be. Add servlet mappings for every case combination of the suffix to Tomcat_Home\conf\ (the mapping entries below; each servlet-name must also have a matching <servlet> entry that points at the same JSP servlet class as the existing "jsp" entry). Tomcat then routes every spelling of the suffix to the JSP servlet, and the source is never served as text.
    <servlet-mapping>
        <servlet-name>jsp</servlet-name>
        <url-pattern>*.jsp</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>jsP</servlet-name>
        <url-pattern>*.jsP</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>jSp</servlet-name>
        <url-pattern>*.jSp</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>jSP</servlet-name>
        <url-pattern>*.jSP</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>Jsp</servlet-name>
        <url-pattern>*.Jsp</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>JsP</servlet-name>
        <url-pattern>*.JsP</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>JSp</servlet-name>
        <url-pattern>*.JSp</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>JSP</servlet-name>
        <url-pattern>*.JSP</url-pattern>
    </servlet-mapping>
What are the Allaire JRun vulnerabilities?
Allaire JRun WEB-INF directory disclosure vulnerability
Allaire JRun (the text reports version 2.3; the affected system listed below is JRun 3.0) has a serious vulnerability that lets an attacker view the contents of the WEB-INF directory.
If a request URL is malformed by prepending an extra "/" to the path, all subdirectories under WEB-INF are listed. An attacker who exploits this can remotely read every file under WEB-INF on the target host.
For example, the following URL lists all files under WEB-INF:
:8100//WEB-INF/
Affected systems: Allaire JRun 3.0
Solution: download and install the patch:
Allaire patch jr233p_ASB00_28_29 (Windows 95/98/NT/2000 and Windows NT Alpha): /jrun/jr233p_ASB00_28_29.zip
Allaire patch jr233p_ASB00_28_29tar (UNIX/Linux, GNU gzip/tar): /jrun/jr233p_ASB00_28_29.
Allaire JRun 2.3 arbitrary file read vulnerability
Allaire JRun 2.3 has a source disclosure vulnerability that lets an attacker read the source of any file under the web server's root directory.
JRun 2.3 uses Java servlets to process the various page types (HTML, JSP and so on). Depending on the server's configuration, any servlet can be invoked through the URL prefix "/servlet/".
JRun's SSIFilter servlet can be abused to retrieve arbitrary files from the target system, because the path that follows the servlet name is not confined to the web root. The following two groups of URLs (the servlet name is elided in the first group) show requests that retrieve arbitrary files:
http://jrun:8000/servlet//../../t
http://jrun:8000/servlet//../../../../../../../
http://jrun:8000/servlet//../../../../../../../winnt/repair/sam
http://jrun:8000/servlet/ssifilter/../../
http://jrun:8000/servlet/ssifilter/../../../../../../../
http://jrun:8000/servlet/ssifilter/../../../../../../../winnt/repair/sam._
Note: the examples assume JRun is running on the host "jrun" on port 8000.
Affected System: Allaire JRun 2.
Solution: download and install the patch:
Allaire patch jr233p_ASB00_28_29 (Windows 95/98/NT/2000 and Windows NT Alpha): /jrun/jr233p_ASB00_28_29.zip
Allaire patch jr233p_ASB00_28_29tar (UNIX/Linux, GNU gzip/tar): /jrun/jr233p_ASB00_28_29.
Allaire JRun 2.3 remote arbitrary command execution vulnerability
Allaire JRun 2.3 allows a remote user to have any file on the web server compiled and executed as JSP code. When the requested path carries the "/servlet/" prefix, the JSP compile-and-execute handler is invoked; by inserting "../" into the rest of the path, files outside the web root can be reached. An attacker who can get content of their choosing onto the host (for example through a file that records user input) can therefore have it executed as a JSP, which seriously threatens the host.
For example:
http://jrun:8000/servlet//../../path/to/
http://jrun:8000/servlet/jsp/../../path/to/
Affected System: Allaire JRun 2.
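The three JRun issues above share one root cause: the request path reaches the dispatcher without being canonicalised, so a doubled leading slash slips past the WEB-INF check and "../" after "/servlet/" climbs out of the web root. The following added example (not JRun code; WEB_ROOT is a constructed value) shows the canonicalisation a servlet container should perform before matching any prefix, run against the request shapes from this page.

```python
"""Canonicalise a request path before servlet dispatch.  Added example, not
JRun's code: it shows the checks that defeat the request shapes used in the
JRun examples above (a doubled leading slash in front of WEB-INF, and "../"
after the "/servlet/" prefix that climbs out of the web root).  WEB_ROOT is a
constructed value."""
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/opt/jrun/htdocs"        # constructed; not a real JRun path
PROTECTED = ("WEB-INF", "META-INF")  # never served to clients


class RejectedPath(ValueError):
    """Raised for any request path that must not reach the dispatcher."""


def canonicalise(raw_path):
    """Return the clean absolute URL path, or raise RejectedPath.

    Order matters: decode once, then reject any remaining '%' (double
    encoding), collapse duplicate slashes, and resolve '.' and '..' by walking
    the segments so an escape above the root is detected rather than being
    silently clamped at '/'."""
    if "\x00" in raw_path or "%00" in raw_path.lower():
        raise RejectedPath("null byte in path")
    path = unquote(raw_path)
    if "%" in path:
        raise RejectedPath("double-encoded path")
    if "\\" in path:
        raise RejectedPath("backslash in path")
    while "//" in path:
        path = path.replace("//", "/")
    segments = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not segments:
                raise RejectedPath("path escapes the web root")
            segments.pop()
        else:
            segments.append(seg)
    # Case-insensitive so that /web-inf/ on a Windows filesystem is caught too.
    if segments and segments[0].upper() in PROTECTED:
        raise RejectedPath("protected directory")
    return "/" + "/".join(segments)


def is_allowed(raw_path):
    """Boolean form of canonicalise() for callers that only need a verdict."""
    try:
        canonicalise(raw_path)
        return True
    except RejectedPath:
        return False


def to_filesystem(raw_path):
    """Map a clean URL path onto the web root.  The join cannot climb because
    canonicalise() has already removed every '..'."""
    clean = canonicalise(raw_path)
    return posixpath.join(WEB_ROOT, clean.lstrip("/"))


if __name__ == "__main__":
    for req in ("//WEB-INF/",
                "/servlet/ssifilter/../../../../winnt/repair/sam._",
                "/servlet/jsp/../../path/to/",
                "/a/b/../c.jsp"):
        print(req, "->", canonicalise(req) if is_allowed(req) else "rejected")
```

Note what happens to the JRun compile-and-execute request: "/servlet/jsp/../../path/to/" canonicalises to "/path/to", so the "/servlet/" prefix disappears and a dispatcher that matches prefixes only after canonicalising never hands that request to the JSP handler. The traversal to winnt/repair is rejected outright because it pops more segments than exist, and "//WEB-INF/" collapses to "/WEB-INF/" and hits the protected-directory check.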
Solution: download and install the patch:
Allaire patch jr233p_ASB00_28_29 (Windows 95/98/NT/2000 and Windows NT Alpha): /jrun/jr233p_ASB00_28_29.zip
Allaire patch jr233p_ASB00_28_29tar (UNIX/Linux, GNU gzip/tar): /jrun/jr233p_ASB00_28_29.
JRun 2. sample files expose site security information
JRun 2. ships servlet sample files in JRUN_HOME/servlets, the directory JRun 2. uses to load and execute servlets. All files there with the extension ".java" or ".class" should be deleted, because they expose information about the site. For example:
/servlet/SessionServlet reveals the HTTP connection information maintained by the server. The contents of JRUN_HOME/jsm-default/services/jws/htdocs should also be deleted: this directory holds '.jsp' files that demonstrate the server's functionality, some of which access the server file system and expose server settings. For example, one of the sample files has path checking turned off by default, which can be used to read the server file system.
Solution:
1) Install the 2.3.3 service pack.
2) Delete all documentation, demonstration code, examples and tutorials from the server, including the files installed under JRUN_HOME/servlets and JRUN_HOME/jsm-default/services/jws/htdocs when JRun 2. is installed.
Related sites:/
What are the vulnerabilities of IBM WebSphere Application Server?
1. IBM WebSphere Application Server 3.0.2 source code disclosure vulnerability
IBM WebSphere Application Server lets an attacker read any file under the web server's document root. WebSphere uses Java servlets to process the various page types (HTML, JSP, JHTML and so on), with a different servlet handling each type. If a requested file type is not registered to a servlet, WebSphere invokes a default servlet. That default servlet is also invoked whenever the path starts with "/servlet/file/", and it returns the requested file verbatim, without parsing or compiling it.
Affected systems: all versions of IBM WebSphere 3.0.2
For example:
If a page is normally requested as /, then requesting the same path with the prefix inserted, /servlet/file/, returns the page's source code.
Solution: download and install the patch from:
/software/webservers/appserv/
Related site: /software/webservers/appserv/
IBM WebSphere Application Server exposes JSP file content
JSP files are registered in WebSphere Application Server under the '.jsp' extension, and the mapping is case-sensitive: '.jsp' and '.JSP' are different extensions. If a link ending in '.JSP' is submitted, WebSphere finds no servlet mapping for it and serves the request as a plain file of the default (text) type. Because file names are case-insensitive on Windows NT, the underlying .jsp file is found and its source is sent as text.
On a UNIX server, where file names are case-sensitive, the request simply yields "file not found".
Solution: download and install the patch.
Related site: /software/webservers/appserv/
What are the source code disclosure vulnerabilities in BEA WebLogic?
Affected versions:
All platforms
BEA WebLogic Enterprise 5.
BEA WebLogic Server and Express 5.
BEA WebLogic Server and Express 4.
BEA WebLogic Server and Express 4.
BEA WebLogic Server and Express 3.1.8
This vulnerability lets an attacker read the source code of any file in the web directory.
WebLogic relies on four main Java Servlets to serve different types of files. These servlets are:
1) FileServlet - for simple HTML pages
2) SSIServlet - for Server Side Includes page
3) PageCompileServlet - for JHTML page
4) JSPServlet - for Java Server page
Looking at the properties file, the registration entries for these servlets are:
1)=
2).*.shtml=
3).*.jhtml=
4).*.jsp=
Furthermore, if a requested file type has no registered servlet, a default servlet is called. The default servlet is registered as follows:
# Default servlet registration
# ------------------------------------------------
# Virtual name of the default servlet if no matching servlet
# is found =file
Therefore, if the path in the URL starts with "/file/", WebLogic invokes the default (file) servlet, which returns the page as-is, without parsing or compiling it.
Exploitation:
Prepending "/file/" to the original URL path of a page exposes its source, unparsed and uncompiled. For example, if a page is at /, visiting /file/ shows the file's content in the web browser.
Other ways to trigger it:
1. Viewing unparsed pages by forcing the SSIServlet:
The server processes .shtml pages through WebLogic's SSIServlet, registered in the properties file as: .*.shtml=
Because the wildcard registration is matched against the URL, a path that starts with /*.shtml/ is forced through the SSIServlet. Requesting .jsp or .jhtml files this way returns their unparsed JSP or JHTML source. Example: /*.shtml/
2. Viewing unparsed pages by forcing the FileServlet:
WebLogic configures the ConsoleHelp servlet on top of FileServlet, as these lines in the properties file show:
# For Console help. Do not modify.
=
=\defaultFilename=/weblogic/admin/help/
=everyone
Therefore, a path that starts with /ConsoleHelp/ makes WebLogic serve the file through FileServlet, unparsed and uncompiled. Example: /ConsoleHelp/
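Every source-disclosure issue on this page comes down to a handful of URL rewrites: the ServletExec suffixes, the Tomcat and WebSphere upper-case extension variants, WebSphere's /servlet/file/ prefix, and the WebLogic /file/, /*.shtml/ and /ConsoleHelp/ prefixes. The added example below (not vendor code) generates all of those variants from one JSP URL and checks each response for unexecuted JSP. The fetch function is injected so the block runs offline; fake_fetch() is a constructed stand-in for a vulnerable server, and its behaviour, the target name and the sample JSP are assumptions made for the example.

```python
"""Build the JSP source-disclosure probe URLs described on this page and test
responses for unexecuted JSP.  Added example, not vendor code.  fetch() is
injected so the block runs offline; fake_fetch() is a constructed stand-in
for a vulnerable server, not a real target."""
import itertools
import re
from urllib.parse import urlsplit, urlunsplit

# ServletExec: characters that, appended to a .jsp URL, return the source.
SERVLETEXEC_SUFFIXES = [".", "%2E", "+", "%2B", "\\", "%5C", "%20", "%00"]
# Prefixes that route a request to a raw file-serving servlet:
# WebSphere /servlet/file/, WebLogic /file/, /*.shtml/ and /ConsoleHelp/.
PREFIXES = ["/servlet/file", "/file", "/*.shtml", "/ConsoleHelp"]
# Markers that only appear in unexecuted JSP source, never in rendered HTML.
JSP_MARKERS = [re.compile(p) for p in (r"<%@\s*page", r"<%[=!]?", r"<jsp:")]


def case_variants(ext):
    """Every upper/lower-case spelling of an extension: 'jsp' -> 8 spellings."""
    choices = [(ch.lower(), ch.upper()) for ch in ext]
    return sorted("".join(c) for c in itertools.product(*choices))


def candidate_urls(url):
    """Rewrite one JSP URL into every probe variant the page describes."""
    parts = urlsplit(url)
    path = parts.path
    out = [urlunsplit(parts._replace(path=path + s)) for s in SERVLETEXEC_SUFFIXES]
    stem, dot, ext = path.rpartition(".")
    if dot and ext.lower() == "jsp":  # Tomcat / WebSphere case variants
        out += [urlunsplit(parts._replace(path=f"{stem}.{v}"))
                for v in case_variants(ext) if v != ext]
    out += [urlunsplit(parts._replace(path=p + path)) for p in PREFIXES]
    return out


def looks_like_jsp_source(body):
    """Heuristic: rendered output should never contain directives or scriptlets."""
    return any(m.search(body) for m in JSP_MARKERS)


def probe(url, fetch):
    """fetch(url) -> (status, body).  Return the variants that leaked source."""
    leaks = []
    for candidate in candidate_urls(url):
        status, body = fetch(candidate)
        if status == 200 and looks_like_jsp_source(body):
            leaks.append(candidate)
    return leaks


# Constructed stand-in for a vulnerable server: it executes .jsp requests
# normally but hands back raw source for the WebLogic-style /file/ prefix and
# for a trailing '.' (ServletExec style).  Sample JSP is made up.
SAMPLE_JSP = ('<%@ page import="java.sql.*" %>\n'
              '<% String dbPassword = "s3cret"; %>\n'
              '<html><body>ok</body></html>')
RENDERED = "<html><body>ok</body></html>"


def fake_fetch(url):
    path = urlsplit(url).path
    if path.startswith("/file/") or path.endswith(".jsp."):
        return 200, SAMPLE_JSP
    if path.lower().endswith(".jsp"):
        return 200, RENDERED
    return 404, "not found"


if __name__ == "__main__":
    for leak in probe("http://target/app/login.jsp", fake_fetch):
        print("source disclosed via", leak)
```

The marker check is deliberately a heuristic: a rendered page that echoes literal "<%" text will produce a false positive, so confirm a hit by comparing the body with the normally rendered page (as fake_fetch's RENDERED constant does here) before reporting it. Against a real engine, replace fake_fetch with a function that performs the HTTP request and returns the status and body.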
Solution:
Do not register FileServlet the way the shipped example does, as that exposes the source of your JSP/JHTML files. See the online documentation:
/docs51/admindocs/#file
The example registration is:
=
=defaultFilename=
=file
There are two ways to avoid the problem:
(1) Register the file servlet under a random, hard-to-guess name. For example, registering it as 12foo34:
.12foo34=
.12foo34=defaultFilename=
=12foo34
(2) Register the file servlet with wildcards that declare exactly which file extensions it serves. For example, to serve .html files:
.*.html=
.*.html=defaultFilename=
=*.html
Repeat this registration for each static type you serve: *.gif, *.jpg, *.pdf, *.txt and so on.
Note: this information is taken from the BEA WebLogic Server and Express documentation: /docs51/admindocs/
Also: watch for new versions and upgrade.