IBM WebSphere Application Server Source Code Disclosure Vulnerability
BID:22991
CVE-2006-3231 | CVE-2006-4223 |Info
| Bugtraq ID: | 22991 |
| Class: | Input Validation Error |
| CVE: |
CVE-2005-4834 CVE-2006-7165 CVE-2006-7166 CVE-2005-4833 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 16 2007 12:00AM |
| Updated: | Jul 06 2016 02:40PM |
| Credit: | This issue was reported by IBM. |
| Vulnerable: |
IBM Websphere Application Server 6.1 .4
IBM Websphere Application Server 6.1 .3
IBM Websphere Application Server 6.1 .2
IBM Websphere Application Server 6.1 .1
IBM Websphere Application Server 6.1
IBM Websphere Application Server 6.0.2 .9
IBM Websphere Application Server 6.0.2 .7
IBM Websphere Application Server 6.0.2 .5
IBM Websphere Application Server 6.0.2 .3
IBM Websphere Application Server 6.0.2 .15
IBM Websphere Application Server 6.0.2 .13
IBM Websphere Application Server 6.0.2 .11
IBM Websphere Application Server 6.0.2 .1
IBM Websphere Application Server 6.0.2
IBM Websphere Application Server 6.0
IBM Websphere Application Server 5.1.1 .9
IBM Websphere Application Server 5.1.1 .8
IBM Websphere Application Server 5.1.1 .7
IBM Websphere Application Server 5.1.1 .6
IBM Websphere Application Server 5.1.1 .5
IBM Websphere Application Server 5.1.1 .4
IBM Websphere Application Server 5.1.1 .3
IBM Websphere Application Server 5.1.1 .2
IBM Websphere Application Server 5.1.1 .13
IBM Websphere Application Server 5.1.1 .12
IBM Websphere Application Server 5.1.1 .11
IBM Websphere Application Server 5.1.1 .10
IBM Websphere Application Server 5.1.1 .1
IBM Websphere Application Server 5.1.1
IBM Websphere Application Server 5.1 .0.5
IBM Websphere Application Server 5.1 .0.4
IBM Websphere Application Server 5.1 .0.3
IBM Websphere Application Server 5.1 .0.2
IBM Websphere Application Server 5.1
IBM Websphere Application Server 5.0.2 .9
IBM Websphere Application Server 5.0.2 .8
IBM Websphere Application Server 5.0.2 .7
IBM Websphere Application Server 5.0.2 .6
IBM Websphere Application Server 5.0.2 .5
IBM Websphere Application Server 5.0.2 .4
IBM Websphere Application Server 5.0.2 .3
IBM Websphere Application Server 5.0.2 .2
IBM Websphere Application Server 5.0.2 .16
IBM Websphere Application Server 5.0.2 .15
IBM Websphere Application Server 5.0.2 .14
IBM Websphere Application Server 5.0.2 .13
IBM Websphere Application Server 5.0.2 .12
IBM Websphere Application Server 5.0.2 .11
IBM Websphere Application Server 5.0.2 .10
IBM Websphere Application Server 5.0.2 .1
IBM Websphere Application Server 5.0.2
IBM Websphere Application Server 5.0.1
IBM Websphere Application Server 5.0
IBM Websphere Application Server 6.0.2 Fix Pack 17 |
| Not Vulnerable: |
IBM Websphere Application Server 6.1 .5 |
Discussion
IBM WebSphere Application Server is prone to a source-code disclosure vulnerability. An attacker can exploit this issue by supplying malformed HTTP requests to the server to obtain JSP source code.
This issue allows remote attackers to access the contents of potentially sensitive JSP source pages, aiding them in further attacks.
Exploit / POC
Attackers can use a browser to exploit this issue.
Solution / Fix
Solution:
IBM has released fixes and an advisory to address this issue. Please see the referenced advisory for information on obtaining fixes.
References
References: