Possible security exposure in IBM WebSphere Application Server V4.0.5 (APAR PQ76082)
 Flash (Alert)
 
Abstract
A possible security exposure has been identified in IBM® WebSphere® Application Server Version 4.0.5 where, under certain circumstances, raw JavaServer Page™ (JSP™) source contents could potentially be served to the browsers.
 
Content
IBM has identified a potential security exposure in IBM WebSphere Application Server where a maliciously formatted HTTP request for a JSP resource can cause the application server to serve the raw JSP source content to the browser.

Versions Affected
Users of IBM WebSphere Application Server Version 4.0.5 who run JSPs with the file serving feature enabled.

Solution
A fix is available for IBM WebSphere Application Server Version 4.0.5 in APAR PQ76082.
To download this APAR fix:
  1. Go to http://www.ibm.com/software/webservers/appserv/was/support/
  2. Search for PQ76082. The download package link is located inside the APAR PQ76082 document.

IBM interim fixes and fix packs for the IBM WebSphere Application Server Product are available at this Support site.
 
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > JSP
Operating system(s): Windows
Software version: 4.0.5
Software edition:
Reference #: 1137846
IBM Group: Software Group
Modified date: Nov 29, 2004