https://www.exploit-db.com/exploits/20027
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200006-085

BEAWebLogic5.1.0版本默认配置存在漏洞。远程攻击者借助请求/file/开头的URL可以查看程序的源代码，从而导致默认servlet显示未经进一步处理的文件。

source: http://www.securityfocus.com/bid/1378/info

Within WebLogic Server and WebLogic Express there are four main java servlets registered to serve different kind of files. A default servlet exists if a requested file does not have an assigned servlet.

If an http request is made that includes "/file/", the server calls upon the default servlet which will cause the page to display the source code in the web browser. 

http://target/file/filename

来源:BID
名称:1378
链接:http://www.securityfocus.com/bid/1378
来源:XF
名称:weblogic-file-source-read
链接:http://xforce.iss.net/static/4775.php
来源:www.weblogic.com
链接:http://www.weblogic.com/docs51/admindocs/http.html#file
来源:BUGTRAQ
名称:20000621BEAWebLogic/file/showcodevulnerability
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=96161462915381&w;=2