During a penentration test, I discovered that the BEA Weblogic Server reveals it hostname (on windows machines NetBIOS name) while sending the following request:
GET . HTTP/1.0\r\n\r\n
On older systems (Weblogic 7.0), a simple "BLAH . BLAH\r\n\r\n" will do the same trick. BEA was contacted about two weeks ago, but I haven't heard from them (yet).
Regards, Michael
-- Michael Hendrickx Security Engineer Scanit NV/SA http://www.scanit.be
