IBM Websphere Application Server是一款功能强大的WEB应用服务程序。
IBM Websphere Application Server处理畸形HTTP请求存在问题,远程攻击者可以利用此漏洞获得JSP代码信息。
在根据4种不同配置情况下,IBM Websphere Application Server可导致JSP源代码内容泄露:
1,从一个应用程序WAR服务JSP,当ibm.web.ext.xmi文件中fileServingEnabled设置为ture,存储在应用程序WAR目录下JSP文件可导致源代码泄露。
2,从扩展文挡ROOT中服务JSP,当ibm.web.ext.xmi文件中fileServingEnabled设置为ture时,从extendedDocumentRoot目录中可访问JSP文件内容。
3,从一个使用servlet缓存启用的应用程序WAR服务JSP,条件与第一种类似,但servlet缓存启用,并使用com.ibm.ws.webcontainer.servlet.SimpleFileServlet.class的缓存策略。
4,从使用servlet缓存启用的扩展文挡ROOT中服务JSP,条件与第二种类似,但servlet缓存启用,并使用com.ibm.ws.webcontainer.servlet.SimpleFileServlet.class的缓存策略。
IBM Websphere Application Server 6.1 .3
IBM Websphere Application Server 6.1 .1
IBM Websphere Application Server 6.1
IBM Websphere Application Server 6.1
IBM Websphere Application Server 6.1
IBM Websphere Application Server 6.0.2 .9
IBM Websphere Application Server 6.0.2 .7
IBM Websphere Application Server 6.0.2 .5
IBM Websphere Application Server 6.0.2 .3
IBM Websphere Application Server 6.0.2 .13
IBM Websphere Application Server 6.0.2 .11
IBM Websphere Application Server 6.0.2 .1
IBM Websphere Application Server 6.0.2
IBM Websphere Application Server 6.0.2
IBM Websphere Application Server 6.0
IBM Websphere Application Server 5.1.1 .9
IBM Websphere Application Server 5.1.1 .8
IBM Websphere Application Server 5.1.1 .7
IBM Websphere Application Server 5.1.1 .6
IBM Websphere Application Server 5.1.1 .5
IBM Websphere Application Server 5.1.1 .4
IBM Websphere Application Server 5.1.1 .3
IBM Websphere Application Server 5.1.1 .2
IBM Websphere Application Server 5.1.1 .12
IBM Websphere Application Server 5.1.1 .10
IBM Websphere Application Server 5.1.1 .1
IBM Websphere Application Server 5.1.1
IBM Websphere Application Server 5.1.1
IBM Websphere Application Server 5.1.1
IBM Websphere Application Server 5.1.1
IBM Websphere Application Server 5.1 .0.5
IBM Websphere Application Server 5.1 .0.4
IBM Websphere Application Server 5.1 .0.3
IBM Websphere Application Server 5.1 .0.2
IBM Websphere Application Server 5.1
IBM Websphere Application Server 5.0.2 .9
IBM Websphere Application Server 5.0.2 .8
IBM Websphere Application Server 5.0.2 .7
IBM Websphere Application Server 5.0.2 .6
IBM Websphere Application Server 5.0.2 .5
IBM Websphere Application Server 5.0.2 .4
IBM Websphere Application Server 5.0.2 .3
IBM Websphere Application Server 5.0.2 .2
IBM Websphere Application Server 5.0.2 .16
IBM Websphere Application Server 5.0.2 .15
IBM Websphere Application Server 5.0.2 .14
IBM Websphere Application Server 5.0.2 .13
IBM Websphere Application Server 5.0.2 .12
IBM Websphere Application Server 5.0.2 .11
IBM Websphere Application Server 5.0.2 .10
IBM Websphere Application Server 5.0.2 .1
IBM Websphere Application Server 5.0.2
IBM Websphere Application Server 5.0.1
IBM Websphere Application Server 5.0
IBM Websphere Application Server 6.0.2 Fix Pack 17
可参考如下安全公告获得补丁信息:
<a href="http://www-1.ibm.com/support/docview.wss?uid=swg21243541" target="_blank">http://www-1.ibm.com/support/docview.wss?uid=swg21243541</a>
京公网安备 11010502034610号
暂无评论