主頁 > 知識(shí)庫 > IBM WebSphere源代碼暴露漏洞

IBM WebSphere源代碼暴露漏洞

熱門標(biāo)簽:四川電信外呼系統(tǒng)靠譜嗎 地圖標(biāo)注創(chuàng)業(yè)項(xiàng)目入駐 電銷外呼系統(tǒng) 排行榜 地圖標(biāo)注制作道路 外呼系統(tǒng)啥意思 長春回?fù)芡夂粝到y(tǒng)廠家 廣州三五防封電銷卡 珠海銷售外呼系統(tǒng)運(yùn)營商 山東智能云外呼管理系統(tǒng)
bugtraq id 1500
class Access Validation Error
cve GENERIC-MAP-NOMATCH
remote Yes
local Yes
published July 24, 2000
updated July 24, 2000
vulnerable IBM Websphere Application Server 3.0.21
- Sun Solaris 8.0
- Microsoft Windows NT 4.0
- Linux kernel 2.3.x
- IBM AIX 4.3
IBM Websphere Application Server 3.0
- Sun Solaris 8.0
- Novell Netware 5.0
- Microsoft Windows NT 4.0
- Linux kernel 2.3.x
- IBM AIX 4.3
IBM Websphere Application Server 2.0
- Sun Solaris 8.0
- Novell Netware 5.0
- Microsoft Windows NT 4.0
- Linux kernel 2.3.x
- IBM AIX 4.3

Certain versions of the IBM WebSphere application server ship with a vulnerability which allows malicious users to view the source of any document which resides in the web document root directory.

This is possible via a flaw which allows a default servlet (different servlets are used to parse different types of content, JHTML, HTMl, JSP, etc.) This default servlet will display the document/page without parsing/compiling it hence allowing the code to be viewed by the end user.

The Foundstone, Inc. advisory which covered this problem detailed the following method of verifying the vulnerability - full text of this advisory is available in the 'Credit' section of this entry:

"It is easy to verify this vulnerability for a given system. Prefixing the path to web pages with "/servlet/file/" in the URL causes the file to be displayed without being
parsed or compiled. For example if the URL for a file "login.jsp" is:

http://site.running.websphere/login.jsp

then accessing

http://site.running.websphere/servlet/file/login.jsp

would cause the unparsed contents of the file to show up in the web browser."

標(biāo)簽:潮州 肇慶 紹興 北海 廣元 玉樹 保定 吳忠

巨人網(wǎng)絡(luò)通訊聲明:本文標(biāo)題《IBM WebSphere源代碼暴露漏洞》,本文關(guān)鍵詞  IBM,WebSphere,源代碼,暴露,;如發(fā)現(xiàn)本文內(nèi)容存在版權(quán)問題,煩請(qǐng)?zhí)峁┫嚓P(guān)信息告之我們,我們將及時(shí)溝通與處理。本站內(nèi)容系統(tǒng)采集于網(wǎng)絡(luò),涉及言論、版權(quán)與本站無關(guān)。
  • 相關(guān)文章
  • 下面列出與本文章《IBM WebSphere源代碼暴露漏洞》相關(guān)的同類信息!
  • 本頁收集關(guān)于IBM WebSphere源代碼暴露漏洞的相關(guān)信息資訊供網(wǎng)民參考!
  • 推薦文章