IBM WebSphere Source Code exposure vulnerability

Web| Source Code

Bugtraq ID 1500
Class Access Validation Error
CVE Generic-map-nomatch
Remote Yes
Local Yes
Published July 24, 2000
Updated July 24, 2000
Vulnerable IBM Websphere Application Server 3.0.21
-Sun Solaris 8.0
-Microsoft Windows NT 4.0
-Linux Kernel 2.3.x
-IBM AIX 4.3
IBM Websphere Application Server 3.0
-Sun Solaris 8.0
-Novell Netware 5.0
-Microsoft Windows NT 4.0
-Linux Kernel 2.3.x
-IBM AIX 4.3
IBM Websphere Application Server 2.0
-Sun Solaris 8.0
-Novell Netware 5.0
-Microsoft Windows NT 4.0
-Linux Kernel 2.3.x
-IBM AIX 4.3

Certain versions of the IBM WebSphere application Server ship with a vulnerability which allows malicious users to view th e Source of any document which resides in the Web document root directory.

This is possible via a flaw which allows a default servlet (different servlets are used to parse different-types T, JHTML, HTMl, JSP, etc.) This default servlet would display the document/page without parsing/compiling it hence allowing the code to is viewed by T He end user.

The Foundstone, INC advisory which covered this problem detailed the following method of verifying the Vulnerability-fu ll text of this advisory are available in the ' Credit ' section of this entry:

"It is easy to verify this vulnerability for a given system." Prefixing the path to Web pages with the '/servlet/file/' in the URL causes the ' file to be displayed without being
parsed or compiled. For example if the URL for a file ' login.jsp ' is:

http://site.running.websphere/login.jsp

Then accessing

http://site.running.websphere/servlet/file/login.jsp

Would cause the unparsed contents of the the the file to show the Web browser.