IBM WebSphere Application Server 3.0.2 exposed Source Code Vulnerability

Source: Internet
Author: User
Tags websphere application server

Involved procedures:
IBM WebSphere Application Server 3.0.2

Description:
IBM WebSphere Application Server 3.0.2 exposed Source Code Vulnerability

Details:
IBM WebSphere Application Server allows attackers to view all files above the Web server root directory. IBM WebSphere uses Java Servlets to Process Analysis of Multiple page types (such as HTML, JSP, JHTML, and so on ). In addition different servlets processes different pages. If a requested file is not registered and managed, WebSphere uses a default servlet for calling. If the file path starts with "/servlet/file/", the default servlet will be called by the requested file and will be displayed without analysis or compilation.

Affected Systems:
All versions of IBM WebSphere 3.0.2

Example:
If the URL of a request file is "login. jsp ":
Http://site.running.websphere/login.jsp
Then access
Http://site.running.websphere/servlet/file/login.jsp
The source code of this file is displayed.

Solution:
Download and install the patch:
Http://www-4.ibm.com/software/webservers/appserv/efix.html

Related Sites:
Http://www-4.ibm.com/software/webservers/appserv/


Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.