|
Abstract |
Under some circumstances, the JavaServer Pages™ (JSP™)
source code will be returned instead of the formatted output. |
|
Content |
Problem Description
A possible security exposure has been identified in IBM® WebSphere®
Application Server where, under certain circumstances, raw JSP source
contents could potentially be served to the browsers.
Versions Affected
Versions affected
|
Version problem is fixed
|
APAR
|
V4.0.3, 4.0.4, 4.0.5 |
4.0.5 |
PQ76082 |
V5.0.2.5, 5.0.2.6, 5.0.2.7, 5.0.2.8, 5.0.2.9, 5.1.0.2, 5.1.0.3, 5.1.0.4,
5.1.0.5, 5.1.1.1, 5.1.1.2, 5.1.1.3 |
5.0.2.10 and 5.1.1.4 |
PQ99537 |
V6.0 (also known as 6.0.0.1) |
6.0.0.2 and 6.0.1 |
PK00091 |
Solution
Fixes are available for IBM WebSphere Application Server as follows:
- For V4.0.3 through 4.0.5, apply:
- For V5.0 through 5.0.2.9 and 5.1.1.3, apply:
- V5.1.1.3, apply:
- For V6.0.0 through 6.0.0.1, apply:
IBM interim fixes and fix packs are available from the IBM WebSphere Application Server product support
page. |
|
|
|
Cross Reference information |
Segment |
Product |
Component |
Platform |
Version |
Edition |
Application Servers |
WebSphere Application Server - Express |
Security |
AIX, HP-UX, Linux, Multi-Platform, Solaris, Windows |
6.0 |
|
|
|
|
|