Security: Possible security exposure with JSP source code on IBM WebSphere Application Server
 Flash (Alert)
 
Abstract
Under some circumstances, the JavaServer Pages™ (JSP™) source code will be returned instead of the formatted output.
 
Content
Problem Description
A possible security exposure has been identified in IBM® WebSphere® Application Server where, under certain circumstances, raw JSP source contents could potentially be served to the browsers.

Versions Affected

Versions affected

Version problem is fixed

APAR

V4.0.3, 4.0.4, 4.0.5

4.0.5

PQ76082

V5.0.2.5, 5.0.2.6, 5.0.2.7, 5.0.2.8, 5.0.2.9, 5.1.0.2, 5.1.0.3, 5.1.0.4, 5.1.0.5, 5.1.1.1, 5.1.1.2, 5.1.1.3

5.0.2.10 and 5.1.1.4

PQ99537

V6.0 (also known as 6.0.0.1)

6.0.0.2 and 6.0.1

PK00091


Solution
Fixes are available for IBM WebSphere Application Server as follows:
IBM interim fixes and fix packs are available from the IBM WebSphere Application Server product support page.
 
 
Cross Reference information
Segment Product Component Platform Version Edition
Application Servers WebSphere Application Server - Express Security AIX, HP-UX, Linux, Multi-Platform, Solaris, Windows 6.0
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s): HP-UX
Software version: 4.0
Software edition:
Reference #: 1207057
IBM Group: Software Group
Modified date: Sep 27, 2005