PQ76082: POSSIBLE SECURITY EXPOSURE IN WEBSPHERE APP SERVER V4.0.5
 Downloadable files
 
Abstract
Possible Security Exposure in WebSphere Application Server V4.0.5, where raw JSP source could potentially be served to browsers
 
Download Description
IBM has identified a potential security exposure in IBM WebSphere Application Server where a maliciously formatted HTTP request for a JSP resource can cause the application server to serve the raw JSP source content to the browser. Only web applications with file serving enabled are affected by this problem. IBM WebSphere Application Server version V4.0.5 is affected by this exposure.

USERS AFFECTED: WebSphere Application Server V4.0 users of JSPs who have enabled the file serving feature.

PROBLEM DESCRIPTION: A maliciously formatted HTTP request for a JSP resource can cause the application server to serve the raw JSP source content to the browser.
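
Because only web applications with file serving enabled are exposed, an inventory of which deployed web modules contain JSPs and do not explicitly disable file serving shows where the fix matters most. The script below is an added example, not IBM code. It assumes the setting is stored as the fileServingEnabled attribute in each module's WEB-INF/ibm-web-ext.xmi; the module names and the sample tree are constructed.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

EXT_FILE = os.path.join("WEB-INF", "ibm-web-ext.xmi")  # assumed location

def file_serving_state(xmi_path):
    """Return 'enabled', 'disabled', 'unspecified' or 'unreadable'."""
    try:
        root = ET.parse(xmi_path).getroot()
    except (ET.ParseError, OSError):
        return "unreadable"
    value = root.get("fileServingEnabled")
    if value is None:
        return "unspecified"  # no claim made here about the product default
    return "enabled" if value.strip().lower() == "true" else "disabled"

def audit(deploy_root):
    """Map each web module under deploy_root to (state, jsp_count)."""
    findings = {}
    for dirpath, _dirs, _files in os.walk(deploy_root):
        xmi = os.path.join(dirpath, EXT_FILE)
        if not os.path.isfile(xmi):
            continue
        jsps = sum(name.lower().endswith(".jsp")
                   for _d, _s, names in os.walk(dirpath) for name in names)
        findings[os.path.relpath(dirpath, deploy_root)] = (file_serving_state(xmi), jsps)
    return findings

def needs_review(findings):
    """Modules that hold JSPs and do not explicitly disable file serving."""
    return sorted(m for m, (state, jsps) in findings.items()
                  if jsps and state != "disabled")

def build_sample(root):
    """Constructed sample tree: three web modules with different settings."""
    xmi = ('<webappext:WebAppExtension xmlns:webappext="webappext.xmi" '
           'xmlns:xmi="http://www.omg.org/XMI" xmi:version="2.0"{attr}/>')
    for name, attr in (("shop.war", ' fileServingEnabled="true"'),
                       ("admin.war", ' fileServingEnabled="false"'),
                       ("legacy.war", "")):
        os.makedirs(os.path.join(root, name, "WEB-INF"))
        with open(os.path.join(root, name, EXT_FILE), "w") as fh:
            fh.write(xmi.format(attr=attr))
        open(os.path.join(root, name, "index.jsp"), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for module in needs_review(audit(tmp)):
            print("review:", module)
```

Modules reported as unspecified or unreadable are listed for review rather than treated as safe, since the script cannot tell what the server will do for them.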
 
Prerequisites
NONE
 
 
Installation Instructions
Please review the readme.txt for detailed installation instructions.
 
URL | LANGUAGE | SIZE(Bytes)
Readme | US English | 2291
 
Download package
Download | RELEASE DATE | LANGUAGE | SIZE(Bytes) | Download Options
PQ76082 | 9/4/2003 | US English | 1069534 | FTP DD
 
Technical support
1-800-IBM-SERV (U.S. Only)
 
Problems (APARS) fixed
PQ76082
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > JSP
Operating system(s): HP-UX
Software version: 4.0.5
Software edition:
Reference #: 4005484
IBM Group: Software Group
Modified date: Nov 29, 2005