PT-2005-2129 · IBM · IBM WebSphere Application Server

Published: 2005-04-16 · Updated: 2017-07-11 · CVE-2005-1112

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server versions 6.0 and earlier

Description: The issue allows remote attackers to obtain the source code of JavaServer Pages (.jsp) files via an HTTP request with an invalid Host header. This occurs because the document root of the web server is shared, so the page is processed by the web server instead of the JSP engine.

Recommendations: For IBM WebSphere Application Server versions 6.0 and earlier, consider restricting access to the document root of the web server to prevent remote attackers from obtaining the source code of JavaServer Pages. As a temporary workaround, restrict HTTP requests that carry invalid Host headers until a fix is available.
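
One way to audit for the condition described above, as an added example that is not part of the original advisory or of IBM's code: it normalizes the Host header, checks it against an allowlist, and flags .jsp requests whose Host would not map to a known virtual host. The allowlist, the request-record layout and the sample requests are constructed assumptions.

```python
import re

# Assumption: host names this deployment's virtual hosts are configured to serve.
ALLOWED_HOSTS = {"www.example.com", "example.com"}

# Host name, optional trailing dot, optional port. IPv6 literals are
# deliberately not accepted here and are treated as invalid.
_HOST_RE = re.compile(r"^([a-z0-9](?:[a-z0-9.-]*[a-z0-9])?)\.?(?::(\d{1,5}))?$")

def normalize_host(raw):
    """Return the lower-cased host name without port, or None if missing/malformed."""
    if not raw:
        return None
    m = _HOST_RE.match(raw.strip().lower())
    if not m or ".." in m.group(1):
        return None
    if m.group(2) is not None and int(m.group(2)) > 65535:
        return None
    return m.group(1)

def host_is_valid(raw, allowed=ALLOWED_HOSTS):
    """True only if the Host header names a configured virtual host."""
    return normalize_host(raw) in allowed

def flag_jsp_requests(requests, allowed=ALLOWED_HOSTS):
    """Return the requests for .jsp resources that carry an invalid Host header."""
    flagged = []
    for req in requests:
        # Drop the query string and path parameters (e.g. ;jsessionid=...).
        path = req["path"].split("?", 1)[0].split(";", 1)[0].lower()
        if path.endswith(".jsp") and not host_is_valid(req.get("host"), allowed):
            flagged.append(req)
    return flagged

# Constructed sample records (as parsed from an access log that records Host).
SAMPLE_REQUESTS = [
    {"path": "/index.jsp", "host": "www.example.com"},        # valid
    {"path": "/index.jsp", "host": "WWW.Example.com.:443"},   # valid once normalized
    {"path": "/login.jsp?next=/", "host": "no-such-host"},    # unknown host
    {"path": "/account.jsp;jsessionid=abc", "host": None},    # Host missing
    {"path": "/logo.png", "host": "no-such-host"},            # not a JSP
    {"path": "/cart.jsp", "host": "exa mple.com"},            # malformed
]

if __name__ == "__main__":
    for r in flag_jsp_requests(SAMPLE_REQUESTS):
        print("review:", r["path"], "Host:", r["host"])
```

Flagged entries that were answered with a successful response are the ones to review for served JSP source.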


Related identifiers

CVE-2005-1112

Affected products

IBM WebSphere Application Server