GEN:SID 1:2139
Message WEB-MISC /*.shtml access
Summary This event is generated when an attempt is made to exploit a vulnerabliity in BEA Systems WebLogic server.
Impact Information gathering, source code disclosure.
Detailed Information This event indicates that an attempt has been made to exploit a vulnerabliity in BEA Systems WebLogic server.

A weakness in the configuration of the WebLogic server from BEA Systems allows an attacker to view the source code of .jsp and .jhtml pages that reside in the root directory of the webserver. A request for these documents prefixed with /*.shtml/ will exploit a vulnerability in the handling of Server Side Include Servlet (SSIServlet) such that the webserver will return the documents unparsed, rendering the source code viewable.
Affected Systems BEA Systems WebLogic Enterprise 5.1 and 5.1.x
Attack Scenarios An attacker can retrieve the source code of a .jsp file by making a web request in the form: http://www.foo.com/*.shtml/target.jsp.
Ease of Attack Simple. No exploit software required.
Corrective Action Apply the appropriate vendor supplied patches

Upgrade to the latest non-affected version of the software
Additional References  
Rule References bugtraq: 1517
cve: 2000-0683
nessus: 11604