APAR status
Closed as program error.
Error description
JSP includes can use directory escapes to include files outside
of the context root of the webapp. This is contrary to the
behavior of WAS 4.0.X and is not the expected behavior.
Local fix
Problem summary
USERS AFFECTED: Users who are concerned that their included JSPs should not be out of context root are now secured.
PROBLEM DESCRIPTION: When JSPs that are escaped out of context root are included, the JspBatchCompiler was accepting them as valid documents.
RECOMMENDATION:
Problem conclusion
No check on the location of the included jsp was being
made - this APAR corrects that.
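The kind of location check the conclusion refers to can be sketched as follows. This is an added example, not IBM's fix or WebSphere code; the class name, method name and sample paths are assumptions constructed for illustration.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

// Added illustration: IncludePathCheck and resolveInclude are hypothetical names.
public class IncludePathCheck {

    // Resolve an include target against the context root and reject any
    // result that falls outside it.
    //   contextRoot   directory of the web application on disk
    //   includingPage context-relative path of the JSP that holds the include
    //   target        value of the include's file/page attribute
    static Path resolveInclude(Path contextRoot, String includingPage, String target) {
        Path root = contextRoot.toAbsolutePath().normalize();
        Path base = root;
        if (!target.startsWith("/")) {
            // Page-relative include: start from the including page's directory.
            base = root.resolve(includingPage.replaceFirst("^/+", "")).getParent();
        }
        // normalize() collapses "." and ".." segments before the comparison.
        Path resolved = base.resolve(target.replaceFirst("^/+", "")).normalize();
        // Path.startsWith compares whole path elements, so a sibling such as
        // "/opt/apps/shop-old" does not count as inside "/opt/apps/shop".
        if (!resolved.startsWith(root)) {
            throw new SecurityException("include escapes context root: " + target);
        }
        // normalize() is lexical only; where symbolic links are possible,
        // compare toRealPath() results for files that exist.
        return resolved;
    }

    public static void main(String[] args) {
        Path root = Paths.get("/opt/apps/shop");   // constructed sample root
        String page = "/jsp/main.jsp";             // constructed including page
        String[] targets = {                       // constructed include targets
            "header.jsp",
            "../common/footer.jsp",
            "/WEB-INF/fragments/nav.jsp",
            "../../shop-old/secret.jsp",
            "/../other/config.jsp"
        };
        for (String t : targets) {
            try {
                System.out.println("accepted: " + t + " -> " + resolveInclude(root, page, t));
            } catch (SecurityException e) {
                System.out.println("rejected: " + t);
            }
        }
    }
}
```

The first three targets stay under the context root and are accepted; the last two resolve to a sibling directory and are rejected.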
Temporary fix
Comments
APAR information
APAR number: PQ85045
Reported component name: WAS BASE 5.0
Reported component ID: 5630A3600
Reported release: 00W
Status: CLOSED PER
PE: NoPE
HIPER: NoHIPER
Special Attention: NoSpecatt
Submitted date: 2004-02-23
Closed date: 2004-05-17
Last modified date: 2004-05-17
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
Publications Referenced
Applicable component levels
R003 PSY UP
R00A PSY UP
R00H PSY UP
R00I PSY UP
R00P PSY UP
R00S PSY UP
R00W PSY UP
R10A PSY UP
R10H PSY UP
R10I PSY UP
R10P PSY UP
R10S PSY UP
R10W PSY UP