PQ76082: POSSIBLE SECURITY EXPOSURE IN WEBSPHERE APP SERVER V4.0.5
Downloadable files
Abstract
Possible Security Exposure in WebSphere Application Server
V4.0.5, where raw JSP source could potentially be served to browsers
Download Description
IBM has identified a potential security exposure in IBM WebSphere
Application Server where a maliciously formatted HTTP request for a JSP
resource can cause the application server to serve the raw JSP source
content to the browser. Only web applications with file serving enabled
are affected by this problem. IBM WebSphere Application Server version
V4.0.5 is affected by this exposure.
USERS AFFECTED: WebSphere Application Server V4.0 users who use JSPs and
have enabled the file serving feature.
PROBLEM DESCRIPTION: A maliciously formatted HTTP request for a JSP
resource can cause the application server to serve the raw JSP source
content to the browser.
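One way to list which deployed web modules meet both conditions under USERS AFFECTED (JSPs present and file serving enabled), as an added example that is not IBM's code. It assumes the setting is stored as the fileServingEnabled attribute in each module's WEB-INF/ibm-web-ext.xmi and that modules are expanded on disk; the function names and the sample tree are constructed for illustration, and the server version is not checked.

```python
import os
import re

# Assumption: each web module records the file serving setting as the
# fileServingEnabled attribute in WEB-INF/ibm-web-ext.xmi.
FLAG_RE = re.compile(r'fileServingEnabled\s*=\s*"([^"]*)"')

def file_serving_enabled(war_dir):
    """True/False as read from the descriptor; None when it cannot be determined."""
    path = os.path.join(war_dir, "WEB-INF", "ibm-web-ext.xmi")
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            match = FLAG_RE.search(fh.read())
    except OSError:
        return None
    return None if match is None else match.group(1).strip().lower() == "true"

def has_jsps(war_dir):
    return any(name.lower().endswith(".jsp")
               for _root, _dirs, names in os.walk(war_dir) for name in names)

def audit(apps_root):
    """Map each web module directory (relative path) to a status string."""
    results = {}
    for root, dirs, _names in os.walk(apps_root):
        if "WEB-INF" not in dirs:
            continue
        dirs[:] = []  # a web module root: classify it, do not descend further
        flag = file_serving_enabled(root)
        # A missing or unreadable flag is not treated as safe: it is flagged for review.
        exposed = has_jsps(root) and flag is not False
        status = ("affected" if flag else "review manually") if exposed else "not affected"
        results[os.path.relpath(root, apps_root)] = status
    return results

def build_sample_tree(base):
    """Constructed sample layout (not real application data)."""
    for app, flag, page in (("shop.war", "true", "index.jsp"), ("docs.war", "true", "a.html"),
                            ("admin.war", "false", "login.jsp"), ("old.war", None, "x.jsp")):
        os.makedirs(os.path.join(base, app, "WEB-INF"))
        open(os.path.join(base, app, page), "w").close()
        if flag is not None:
            with open(os.path.join(base, app, "WEB-INF", "ibm-web-ext.xmi"), "w") as fh:
                fh.write('<webappext:WebAppExtension fileServingEnabled="%s"/>' % flag)
    return base

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        print(audit(build_sample_tree(tmp)))
```

Modules reported as "review manually" contain JSPs but have no readable setting, so their effective file serving state has to be confirmed in the server configuration.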
Prerequisites
NONE
Installation Instructions
Please review the readme.txt for detailed installation
instructions.