IBM WebSphere source code exposure Vulnerability

Bugtraqid 1500
Class Access Validation Error
Cve GENERIC-MAP-NOMATCH
Remote Yes
Local Yes
Published July 24,200 0
Updated July 24,200 0
Vulnerable IBM Websphere Application Server 3.0.21
-Sun Solaris 8.0
-Microsoft Windows NT 4.0
-Linux kernel 2.3.x
-Ibm aix 4.3
IBM Websphere Application Server 3.0
-Sun Solaris 8.0
-Novell Netware 5.0
-Microsoft Windows NT 4.0
-Linux kernel 2.3.x
-Ibm aix 4.3
IBM Websphere Application Server 2.0
-Sun Solaris 8.0
-Novell Netware 5.0
-Microsoft Windows NT 4.0
-Linux kernel 2.3.x
-Ibm aix 4.3

Certain versions of the IBM WebSphere application server ship with a vulnerability which allows malicous users to view the source of any document which resides in the web document root directory.

This is possible via a flaw which allows a default servlet (different servlets are used to parse different types of content, JHTML, HTMl, JSP, etc .) this default servlet will display the document/page without parsing/compiling it hence allowing the code to be viewed by the end user.

The Foundstone, Inc. advisory which covered this problem detailed the following method of verifying the vulnerability-full text of this advisory is available in the 'credentials' section of this entry:

"It is easy to verify this vulnerability for a given system. Prefixing the path to web pages with"/servlet/file/"in the URL causes the file to be displayed without being
Parsed or compiled. For example if the URL for a file "login. jsp" is:

Http://site.running.websphere/login.jsp

Then accessing

Http://site.running.websphere/servlet/file/login.jsp

Wocould cause the unparsed contents of the file to show up in the web browser ."