CVE-2000-0500

BEA WebLogic 5.1.0 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0500. PoCs published by Foundstone Inc..

AI-analyzed exploit summary This is a writeup describing an information disclosure vulnerability in WebLogic Server and Express where accessing a URL with '/file/' exposes source code. No exploit code is provided, only a description of the vulnerability.

Description

The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Foundstone Inc. · textremotemultiple
https://www.exploit-db.com/exploits/20027

This is a writeup describing an information disclosure vulnerability in WebLogic Server and Express where accessing a URL with '/file/' exposes source code. No exploit code is provided, only a description of the vulnerability.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: WebLogic Server and WebLogic Express
No auth needed
Prerequisites: Network access to the target server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=96161462915381&w=2
Various Sources x_refsource_confirm
http://www.weblogic.com/docs51/admindocs/http.html#file
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1378
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/4775

Scores

EPSS 0.0461
EPSS Percentile 90.5%

Details

Status published
Products (4)
bea/weblogic_server 3.1.8 (2 CPE variants)
bea/weblogic_server 4.0 (2 CPE variants)
bea/weblogic_server 4.5 (2 CPE variants)
bea/weblogic_server 5.1 (2 CPE variants)
Published Jun 21, 2000
Tracked Since Feb 18, 2026