主页 > 知识库 > IBM WebSphere源代码暴露漏洞

IBM WebSphere源代码暴露漏洞

热门标签:四川电信外呼系统靠谱吗 地图标注创业项目入驻 电销外呼系统 排行榜 地图标注制作道路 外呼系统啥意思 长春回拨外呼系统厂家 广州三五防封电销卡 珠海销售外呼系统运营商 山东智能云外呼管理系统
bugtraq id 1500
class Access Validation Error
cve GENERIC-MAP-NOMATCH
remote Yes
local Yes
published July 24, 2000
updated July 24, 2000
vulnerable IBM Websphere Application Server 3.0.21
- Sun Solaris 8.0
- Microsoft Windows NT 4.0
- Linux kernel 2.3.x
- IBM AIX 4.3
IBM Websphere Application Server 3.0
- Sun Solaris 8.0
- Novell Netware 5.0
- Microsoft Windows NT 4.0
- Linux kernel 2.3.x
- IBM AIX 4.3
IBM Websphere Application Server 2.0
- Sun Solaris 8.0
- Novell Netware 5.0
- Microsoft Windows NT 4.0
- Linux kernel 2.3.x
- IBM AIX 4.3

Certain versions of the IBM WebSphere application server ship with a vulnerability which allows malicious users to view the source of any document which resides in the web document root directory.

This is possible via a flaw which allows a default servlet (different servlets are used to parse different types of content, JHTML, HTMl, JSP, etc.) This default servlet will display the document/page without parsing/compiling it hence allowing the code to be viewed by the end user.

The Foundstone, Inc. advisory which covered this problem detailed the following method of verifying the vulnerability - full text of this advisory is available in the 'Credit' section of this entry:

"It is easy to verify this vulnerability for a given system. Prefixing the path to web pages with "/servlet/file/" in the URL causes the file to be displayed without being
parsed or compiled. For example if the URL for a file "login.jsp" is:

http://site.running.websphere/login.jsp

then accessing

http://site.running.websphere/servlet/file/login.jsp

would cause the unparsed contents of the file to show up in the web browser."

标签:潮州 肇庆 绍兴 北海 广元 玉树 保定 吴忠

巨人网络通讯声明:本文标题《IBM WebSphere源代码暴露漏洞》,本文关键词  IBM,WebSphere,源代码,暴露,;如发现本文内容存在版权问题,烦请提供相关信息告之我们,我们将及时沟通与处理。本站内容系统采集于网络,涉及言论、版权与本站无关。
  • 相关文章
  • 下面列出与本文章《IBM WebSphere源代码暴露漏洞》相关的同类信息!
  • 本页收集关于IBM WebSphere源代码暴露漏洞的相关信息资讯供网民参考!
  • 推荐文章