PT-2005-2129 · Ibm · Ibm Websphere Application Server

Published

2005-04-16

Updated

2017-07-11

CVE-2005-1112

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server versions 6.0 and earlier

Description The issue allows remote attackers to obtain the source code for Java Server Pages (.jsp) via an HTTP request with an invalid Host header. This occurs because the document root of the web server is shared, causing the page to be processed by the web server instead of the JSP engine.

Recommendations For IBM WebSphere Application Server versions 6.0 and earlier, consider restricting access to the document root of the web server to prevent remote attackers from obtaining the source code for Java Server Pages. As a temporary workaround, restrict the use of invalid Host headers in HTTP requests until a fix is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-1112

Affected Products

Ibm Websphere Application Server

PT-2005-2129 · Ibm · Ibm Websphere Application Server

CVE-2005-1112

Related Identifiers

Affected Products

References · 9