CVE-2006-6637

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server versions prior to 6.0.2.17

Description The issue in the Servlet Engine and Web Container of IBM WebSphere Application Server allows remote attackers to obtain sensitive information, including JSP source code, under specific conditions. This occurs when the ibm-web-ext.xmi sets fileServingEnabled to true and servlet caching is enabled, allowing attackers to send specific requests to exploit this weakness.

Recommendations For versions prior to 6.0.2.17, update to version 6.0.2.17 or later to resolve the issue. As a temporary workaround, consider setting fileServingEnabled to false in ibm-web-ext.xmi or disabling servlet caching to minimize the risk of exploitation.