PQ99537; 5.0.2.9, 5.1.0.5, 5.1.1.3: Possible JSP source code exposure
 
Abstract
JSP source code could be displayed instead of the formatted output.
 
Download Description
PQ99537 resolves the following problem:

ERROR DESCRIPTION:
Under some circumstances JSP source code can be displayed in the browser instead of an expected HTML response.

This problem can be considered a vulnerability exposure. Only WebSphere® Application Server V5.0 and V5.1 are affected, and only on some platforms.

SOLUTION:
On some platforms, a specific JSP URL might expose the JSP source code rather than the JSP page.

With this fix, the URL should show the JSP page on all platforms. This fix should be applied to both Base and Network Deployment.

Change history
Release date: 1 February 2005
Last updated: 9 February 2006
  • 9 February 2006: Revised description of problem and platforms impacted
  • 3 February 2005: Clarified impact of security exposure
  • 1 February 2005: Published


The naming convention for PQ95537Express.jar may be confusing, but the jar can also be installed on Base and ND.
 
Prerequisites
Download the UpdateInstaller below to install this fix.
 
URL LANGUAGE SIZE(Bytes)
UpdateInstaller for V5.0 US English 7250000
UpdateInstaller for V5.1 US English 7250000
 
 
Installation Instructions
Review the readme.txt for detailed installation instructions.
 
URL LANGUAGE SIZE(Bytes)
Readme US English 2107
 
Download package
Download RELEASE DATE LANGUAGE SIZE(Bytes) Download Options
PQ99537 (for V5.0 and V5.1) 1/31/2005 US English 6296 FTP DD
PQ99537Express 3/29/2006 US English 6171 FTP DD
 
Technical support
1-800-IBM-SERV (U.S. Only)
 
Cross Reference information
Segment Product Component Platform Version Edition
Application Servers Runtimes for Java Technology Java SDK
Problems (APARS) fixed
PQ99537
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Servlet Engine/Web Container
Operating system(s): Windows
Software version: 5.1.1.3
Software edition:
Reference #: 4008814
IBM Group: Software Group
Modified date: Aug 31, 2006