PQ91033; 5.0.2.7: Secure file served without challenge
 Downloadable files
 
Abstract
Some URIs may be served as plain text, with raw content sent back to the client.
 
Download Description
PQ91033 resolves the following problem:

ERROR DESCRIPTION
Requests for secure files may be served without challenge. This violates file access security policy.

LOCAL FIX

PROBLEM SUMMARY

USERS AFFECTED
WebSphere Application Server users of SimpleFileServlet.

PROBLEM DESCRIPTION
URIs may be served as plain text, with raw content sent back to the client.

RECOMMENDATION:
None

The web engine does not block some invalid URIs and instead sends raw content to clients. In security mode, this type of URI can bypass the security challenge. This problem occurs only on Linux or UNIX systems.

PROBLEM CONCLUSION
SimpleFileServlet uses JDK java.io.File to validate requested resources. SimpleFileServlet has been fixed so that it blocks such invalid URIs.
 
Prerequisites
Please download the UpdateInstaller below to install this fix.
 
URL | LANGUAGE | SIZE (Bytes)
UpdateInstaller | US English | 7250000
 
 
Installation Instructions
Please review the readme.txt for detailed installation instructions.
 
URL | LANGUAGE | SIZE (Bytes)
Readme | US English | 2019
 
Download package
Download | RELEASE DATE | LANGUAGE | SIZE (Bytes) | Download Options
PQ91033_501 | 08-07-2006 | US English | 7236 | FTP, DD
PQ91033_502_5027 | 08-07-2006 | US English | 7410 | FTP, DD
 
Technical support
Contact IBM Support using ESR (http://www-306.ibm.com/software/support/probsub.html), visit the WebSphere Application Server Support Web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).
 
Cross Reference information
Segment | Product | Component | Platform | Version | Edition
Application Servers | Runtimes for Java Technology | Java SDK | | |
Problems (APARS) fixed
PQ91033
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Servlet Engine/Web Container
Operating system(s): Windows
Software version: 5.0.2.7
Software edition:
Reference #: 4013029
IBM Group: Software Group
Modified date: Oct 5, 2006