header-logo
Suggest Exploit
vendor:
WebSphere Application Server
by:
SecurityFocus
8.5
CVSS
HIGH
Remote JSP Source Disclosure
200
CWE
Product Name: WebSphere Application Server
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

IBM WebSphere Application Server Remote JSP Source Disclosure Vulnerability

A remote JSP source disclosure vulnerability reportedly affects the IBM WebSphere Application Server. This issue is due to a failure of the application to properly handle various requests under certain circumstances. An attacker may leverage this issue to disclose JSP source code, facilitating code theft as well as potential further attacks.

Mitigation:

Ensure that the Web server and application server root directories are not located in the same location.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/13160/info

A remote JSP source disclosure vulnerability reportedly affects the IBM WebSphere Application Server. This issue is due to a failure of the application to properly handle various requests under certain circumstances.

It should be noted that this issue only arises when the Web serve and application server root directories reside in the same location; this is not the default configuration.

An attacker may leverage this issue to disclose JSP source code, facilitating code theft as well as potential further attacks. 

GET /index.jsp HTTP/1.0
Host: NonExistentHost

Navigation

Suggest Exploit

Services By CQR