IBM WebSphere Source Code Exposure Vulnerability

  Abstract: IBM WebSphere source code exposure vulnerability 

  Bugtraq id 1500 
  Class Access Validation Error 
  Cve GENERIC-MAP-NOMATCH 
  Remote Yes 
  Local Yes 
  Published July 24, 2000 
  Updated July 24, 2000 
  Vulnerable IBM Websphere Application Server 3.0.21 
  — Sun Solaris 8.0 
  — Microsoft Windows NT 4.0 
  — Linux kernel 2.3.x 
  — IBM AIX 4.3 
  IBM Websphere Application Server 3.0 
  — Sun Solaris 8.0 
  — Novell Netware 5.0 
  — Microsoft Windows NT 4.0 
  — Linux kernel 2.3.x 
  — IBM AIX 4.3 
  IBM Websphere Application Server 2.0 
  — Sun Solaris 8.0 
  — Novell Netware 5.0 
  — Microsoft Windows NT 4.0 
  — Linux kernel 2.3.x 
  — IBM AIX 4.3 

  Certain versions of the IBM WebSphere application server ship with a vulnerability that allows malicious users to view the source of any document residing in the web document root directory. 

  This is possible through a default servlet (different servlets are used to parse different types of content: JHTML, HTML, JSP, etc.). This default servlet displays the requested document or page without parsing or compiling it, so its source code is returned to the end user rather than the rendered output. 

  The Foundstone, Inc. advisory which covered this problem detailed the following method of verifying the vulnerability; the full text of that advisory is available in the Credit section of this entry: 

  "It is easy to verify this vulnerability for a given system. Prefixing the path to web pages with "/servlet/file/" in the URL causes the file to be displayed without being parsed or compiled. For example, if the URL for a file "login.jsp" is: 

  http://site.running.websphere/login.jsp 

  then accessing 

  http://site.running.websphere/servlet/file/login.jsp 

  would cause the unparsed contents of the file to show up in the web browser." 
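Because the verification method above leaves a distinctive request path in the web server's access log, an operator can check whether the file servlet has been used against a server before the fix is applied. The following added example (not part of the Bugtraq entry or the Foundstone advisory) parses Common Log Format lines, which is an assumed log format, normalizes the request path and reports every request routed through the "/servlet/file/" prefix; the log lines are constructed samples.

```python
import re
from urllib.parse import unquote, urlsplit
# Constructed sample access-log lines in Common Log Format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [24/Jul/2000:10:01:12 +0000] "GET /login.jsp HTTP/1.0" 200 1432
192.0.2.77 - - [24/Jul/2000:10:02:05 +0000] "GET /servlet/file/login.jsp HTTP/1.0" 200 2210
192.0.2.77 - - [24/Jul/2000:10:02:09 +0000] "GET /servlet/file/admin/config.jhtml HTTP/1.0" 404 311
192.0.2.15 - - [24/Jul/2000:10:03:44 +0000] "GET /images/logo.gif HTTP/1.0" 200 4096
"""

# Common Log Format: host ident user [time] "method target protocol" status size
CLF_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+$'
)

# The prefix from the advisory: it routes the request to the default "file"
# servlet, which returns the document without parsing or compiling it.
FILE_SERVLET_PREFIX = "/servlet/file/"

def normalize_path(target: str) -> str:
    """Decode percent-encoding, drop the query string, collapse repeated slashes."""
    path = unquote(urlsplit(target).path)
    return re.sub(r"/+", "/", path)

def find_source_disclosure(log_text: str) -> list:
    """Return one finding per request that went through the file servlet."""
    findings = []
    for line in log_text.splitlines():
        m = CLF_RE.match(line)
        if not m:
            continue  # not a CLF line; skip rather than guess
        path = normalize_path(m.group("target"))
        if not path.lower().startswith(FILE_SERVLET_PREFIX):
            continue
        findings.append({
            "client": m.group("host"),
            "time": m.group("time"),
            "file": path[len(FILE_SERVLET_PREFIX):],   # document that was requested
            "status": int(m.group("status")),
            "disclosed": m.group("status") == "200",  # 200 = source most likely returned
        })
    return findings

if __name__ == "__main__":
    for f in find_source_disclosure(SAMPLE_LOG):
        print(f'{f["time"]} {f["client"]} {"DISCLOSED" if f["disclosed"] else "attempt"}: {f["file"]}')
```

A 200 response to such a request means the unparsed file was served; a 404 still records an attempt worth correlating with the same client's other requests.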
