IBM Websphere/Net.Commerce Installation Directory Revealing Vulnerability

Net.Commerce is part of the Websphere platform of products distributed by IBM. Net.Commerce provides several versatile features to facilitate e-commerce, with an emphasis on performance and reliability.

A problem with the Net.Commerce package could allow a remote user to discover the path of the Websphere installation. When a request directly references the macro.d2w file with an extension of NOEXISTINGHTMLBLOCK, Websphere returns the path of the Net.Commerce software installation.

This makes it possible for a remote user to gather information about the layout of a web infrastructure, which may aid in compromise of the system.
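
Requests of the kind described above can be found in web server access logs. The Python script below is an added example, not part of the original advisory or of IBM's software; it assumes Common Log Format logs, accepts either "/" or "." between the .d2w macro name and the block name, and runs on constructed log lines that use a hypothetical /shop/ path.

```python
import re
from urllib.parse import unquote

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# A .d2w macro reference followed by the block name given in the advisory.
# The separator ("/" or ".") is an assumption; the advisory only says "extension".
PROBE_RE = re.compile(r'\.d2w[/.]noexistinghtmlblock\b', re.IGNORECASE)

def normalize(target, rounds=3):
    """Percent-decode repeatedly so encoded variants compare equal."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def find_probes(lines):
    """Return (host, time, status, decoded target) for each matching request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected log format
        target = normalize(m.group("target"))
        if PROBE_RE.search(target):
            hits.append((m.group("host"), m.group("time"),
                         m.group("status"), target))
    return hits

# Constructed sample log lines (documentation addresses, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2001:10:00:00 +0000] "GET /shop/macro.d2w/report HTTP/1.0" 200 5120',
    '198.51.100.7 - - [01/Jan/2001:10:00:05 +0000] "GET /shop/macro.d2w/NOEXISTINGHTMLBLOCK HTTP/1.0" 200 312',
    '198.51.100.7 - - [01/Jan/2001:10:00:09 +0000] "GET /shop/macro.d2w%2FNoExistingHtmlBlock HTTP/1.0" 200 312',
    '203.0.113.4 - - [01/Jan/2001:10:01:00 +0000] "GET /index.html HTTP/1.0" 200 1043',
]

if __name__ == "__main__":
    for hit in find_probes(SAMPLE_LOG):
        print(hit)
```

Each hit identifies the client address and time of a request that matches the pattern, which gives a starting point for reviewing what else that client requested.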


Copyright 2010, SecurityFocus