IBM WebSphere Showcode Vulnerability
BID:1500
Info
| Bugtraq ID: | 1500 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Jul 24 2000 12:00AM |
| Updated: | Jul 24 2000 12:00AM |
| Credit: | This advisory was released by Foundstone Inc., who credit Shreeraj Shah ([email protected]) and Saumil Shah ([email protected]) with the discovery. The advisory was posted to the Bugtraq mailing list on July 24, 2000. |
| Vulnerable: | IBM Websphere Application Server 3.0.2 .1; IBM Websphere Application Server 3.0; IBM Websphere Application Server 2.0 |
| Not Vulnerable: | |
Discussion
Certain versions of the IBM WebSphere application server ship with a vulnerability which allows malicious users to view the source of any document which resides in the web document root directory.
This is possible via a flaw which allows a default servlet to be invoked (different servlets are used to parse different types of content: JHTML, HTML, JSP, etc.). This default servlet displays the document/page without parsing or compiling it, allowing the code to be viewed by the end user.
Exploit / POC
The Foundstone, Inc. advisory which covered this problem detailed the following method of verifying the vulnerability - full text of this advisory is available in the 'Credit' section of this entry:
"It is easy to verify this vulnerability for a given system. Prefixing the path to web pages with "/servlet/file/" in the URL causes the file to be displayed without being parsed or compiled. For example if the URL for a file "login.jsp" is:
http://site.running.websphere/login.jsp
then accessing
http://site.running.websphere/servlet/file/login.jsp
would cause the unparsed contents of the file to show up in the web browser."
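A defender-side check for the request pattern quoted above, added here as an example (it is not part of the Foundstone advisory or of IBM's fix): it scans access-log lines for requests under "/servlet/file/" and flags those answered with 200 for a server-side source file. The Common Log Format layout, the extension list and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Prefix named in the advisory; files requested under it are returned unparsed.
SHOWCODE_PREFIX = "/servlet/file/"
# Assumption: extensions treated as server-side source worth alerting on.
SOURCE_EXTS = (".jsp", ".jhtml", ".shtml")

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) (\S+)')

def normalize(target):
    """Drop the query, decode percent-escapes twice (double encoding),
    collapse repeated slashes and lowercase (deliberately over-inclusive)."""
    path = target.split("?", 1)[0]
    for _ in range(2):
        path = unquote(path)
    return re.sub(r"/+", "/", path).lower()

def find_showcode_requests(lines):
    """Return (client, time, path, status, disclosed) per request under the prefix."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a CLF line; skip rather than guess
        client, when, _method, target, status, _size = m.groups()
        path = normalize(target)
        if not path.startswith(SHOWCODE_PREFIX):
            continue
        # A 200 on a source extension means unparsed code was probably served.
        disclosed = status == "200" and path.endswith(SOURCE_EXTS)
        hits.append((client, when, path, int(status), disclosed))
    return hits

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Jul/2000:10:00:01 +0000] "GET /login.jsp HTTP/1.0" 200 1532',
    '192.0.2.44 - - [24/Jul/2000:10:02:17 +0000] "GET /servlet/file/login.jsp HTTP/1.0" 200 4210',
    '192.0.2.44 - - [24/Jul/2000:10:02:30 +0000] "GET /servlet/%66ile//admin/db.JSP?x=1 HTTP/1.0" 200 3877',
    '192.0.2.51 - - [24/Jul/2000:10:05:02 +0000] "GET /servlet/file/logo.gif HTTP/1.0" 200 900',
    '192.0.2.60 - - [24/Jul/2000:10:07:45 +0000] "GET /servlet/file/login.jsp HTTP/1.0" 404 210',
]

if __name__ == "__main__":
    for hit in find_showcode_requests(SAMPLE_LOG):
        print(hit)
```

Entries with `disclosed` set are the ones to triage first: the pages they name should be reviewed for embedded credentials or connection strings that may need rotating.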
Solution / Fix
Solution:
IBM has announced the following fix:
IBM Websphere Application Server 3.0.2 .1