Affected program:
IBM WebSphere Application Server 3.0.2
Description:
IBM WebSphere Application Server 3.0.2 source code disclosure vulnerability
Details:
IBM WebSphere Application Server allows attackers to view any file under the Web server root directory. WebSphere uses Java servlets to parse and process the various page types it serves (HTML, JSP, JHTML, and so on), with different servlets handling different page types. If a requested file is not registered with a servlet, WebSphere falls back to a default servlet. When the request path begins with "/servlet/file/", that default servlet is invoked on the requested file and returns it verbatim, without parsing or compilation, so the raw source of server-side pages such as JSP and JHTML files is disclosed to the client.
Affected Systems:
All releases of IBM WebSphere Application Server 3.0.2
Example:
If a page is normally requested as "login.jsp":
http://site.running.websphere/login.jsp
then requesting
http://site.running.websphere/servlet/file/login.jsp
returns the source code of that file instead of its rendered output.
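As an added detection example (not part of the original advisory and not IBM's code), the following Python script scans Web server access logs in Common Log Format for requests whose path starts with the "/servlet/file/" prefix described above. The sample log lines are constructed, and the severity labels, the percent-decoding and the case folding of the path are assumptions made here to catch trivial variants of the request.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample access-log lines (Common Log Format), not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Oct/2000:10:01:02 +0000] "GET /login.jsp HTTP/1.0" 200 1523
10.0.0.9 - - [12/Oct/2000:10:01:15 +0000] "GET /servlet/file/login.jsp HTTP/1.0" 200 2210
10.0.0.9 - - [12/Oct/2000:10:01:20 +0000] "GET /servlet/file/admin/menu%2Ejhtml HTTP/1.0" 200 980
10.0.0.7 - - [12/Oct/2000:10:02:00 +0000] "GET /servlet/HelloWorld HTTP/1.0" 200 312
10.0.0.9 - - [12/Oct/2000:10:02:30 +0000] "GET /servlet/file/index.html HTTP/1.0" 200 210
10.0.0.9 - - [12/Oct/2000:10:02:45 +0000] "GET /servlet/file/missing.jsp HTTP/1.0" 404 150
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+)[^"]*" (?P<status>\d{3})')
FILE_SERVLET_PREFIX = "/servlet/file/"
# Extensions WebSphere would normally compile or parse instead of serving verbatim.
SERVER_PARSED_EXT = (".jsp", ".jhtml")


def normalize_path(target: str) -> str:
    """Drop scheme/host/query, percent-decode and lower-case the request path.
    (Decoding and case folding are an assumption, to catch trivial variants.)"""
    return unquote(urlsplit(target).path).lower()


def flag_source_disclosure(log_text: str) -> list:
    """Return one finding per request whose path starts with /servlet/file/.
    Severity is an ad-hoc label: 'high' = server-parsed file (JSP/JHTML) returned
    with 200, 'medium' = any other file returned with 200, 'low' = no content."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        path = normalize_path(m["target"])
        if not path.startswith(FILE_SERVLET_PREFIX):
            continue
        served = m["status"] == "200"
        if served and path.endswith(SERVER_PARSED_EXT):
            severity = "high"
        elif served:
            severity = "medium"
        else:
            severity = "low"
        findings.append({"ip": m["ip"], "path": path,
                         "status": int(m["status"]), "severity": severity})
    return findings


if __name__ == "__main__":
    for f in flag_source_disclosure(SAMPLE_LOG):
        print(f"{f['severity']:6} {f['ip']:10} {f['status']} {f['path']}")
```

A 'high' finding with status 200 against an unpatched 3.0.2 server should be treated as a confirmed disclosure of that file's source.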
Solution:
Download and install the vendor patch (efix):
http://www-4.ibm.com/software/webservers/appserv/efix.html
Related Sites:
http://www-4.ibm.com/software/webservers/appserv/