bugtraq id 1500
class access validation error
cve generic-map-nomatch
remote yes
local yes
published july 24, 2000
updated july 24, 2000
vulnerable ibm websphere application server 3.0.21
- sun solaris 8.0
- microsoft windows nt 4.0
- linux kernel 2.3.x
- ibm aix 4.3
ibm websphere application server 3.0
- sun solaris 8.0
- novell netware 5.0
- microsoft windows nt 4.0
- linux kernel 2.3.x
- ibm aix 4.3
ibm websphere application server 2.0
- sun solaris 8.0
- novell netware 5.0
- microsoft windows nt 4.0
- linux kernel 2.3.x
- ibm aix 4.3
certain versions of the ibm websphere application server ship with a vulnerability which allows malicious users to view the source of any document which resides in the web document root directory.
this is possible via a flaw which allows a default servlet (different servlets are used to parse different types of content, jhtml, html, jsp, etc.) this default servlet will display the document/page without parsing/compiling it hence allowing the code to be viewed by the end user.
the foundstone, inc. advisory which covered this problem detailed the following method of verifying the vulnerability - full text of this advisory is available in the 'credit' section of this entry:
"it is easy to verify this vulnerability for a given system. prefixing the path to web pages with "/servlet/file/" in the url causes the file to be displayed without being
parsed or compiled. for example if the url for a file "login.jsp" is:
http://site.running.websphere/login.jsp
then accessing
http://site.running.websphere/servlet/file/login.jsp
would cause the unparsed contents of the file to show up in the web browser."
