IBM WebSphere Application Server File Servlet Source Code Disclosure Vulnerability
BID:12538
Info
IBM WebSphere Application Server File Servlet Source Code Disclosure Vulnerability
| Bugtraq ID: | 12538 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 14 2005 12:00AM |
| Updated: | Feb 14 2005 12:00AM |
| Credit: | This issue was reported by IBM. |
| Vulnerable: |
IBM Websphere Application Server 6.0 |
| Not Vulnerable: | |
Discussion
IBM WebSphere Application Server File Servlet Source Code Disclosure Vulnerability
IBM WebSphere Application Server is prone to a source code disclosure vulnerability. An attacker can exploit this issue by supplying a malformed URI to the server to disclose JSP source code. The vulnerability exists in the file serving servlet.
It should be noted that this issue only affects WebSphere Application Server version 6.0 running on Microsoft Windows platforms.
IBM WebSphere Application Server is prone to a source code disclosure vulnerability. An attacker can exploit this issue by supplying a malformed URI to the server to disclose JSP source code. The vulnerability exists in the file serving servlet.
It should be noted that this issue only affects WebSphere Application Server version 6.0 running on Microsoft Windows platforms.
Exploit / POC
IBM WebSphere Application Server File Servlet Source Code Disclosure Vulnerability
An exploit is not required to leverage this issue.
An exploit is not required to leverage this issue.
Solution / Fix
IBM WebSphere Application Server File Servlet Source Code Disclosure Vulnerability
Solution:
IBM has released a fix to address this issue.
IBM Websphere Application Server 6.0
Solution:
IBM has released a fix to address this issue.
IBM Websphere Application Server 6.0
References
IBM WebSphere Application Server File Servlet Source Code Disclosure Vulnerability
References:
References: