[19916] in bugtraq

home	help	back	first	fref	pref	prev	next	nref	lref	last	post

CHINANSL Security Advisory(CSA-200107)

daemon@ATHENA.MIT.EDU (lovehacker)
Wed Mar 28 21:00:02 2001

Message-ID:  <20010328065546.21300.qmail@securityfocus.com>
Date:         Wed, 28 Mar 2001 06:55:46 -0000
Reply-To: lovehacker@263.NET
From: lovehacker <lovehacker@263.NET>
To: BUGTRAQ@SECURITYFOCUS.COM

Topic:
IBM WCS 4.0.1 + Application Server 3.0.2 for Solaris 
2.7 show ".jsp" source Vulnerability.

vulnerable:
Solaris 2.7
    + IBM WCS4.0,Application Server 3.0.2

discussion:
follow URL insert "/" will be downloading ".jsp" source.

exploits:
http://target/index.jsp/

solution:
to 
http://www.ibm.com/software/webservers/appserv/efi
x.html download new fix .

Copyright 2000-2001 CHINANSL. All Rights 
Reserved. Terms of use. 

CHINANSL Security Team 
<lovehacker@chinansl.com> 
CHINANSL INFORMATION TECHNOLOGY CO.,LTD 
(http://www.chinansl.com)

home	help	back	first	fref	pref	prev	next	nref	lref	last	post