IBM HTTP Server Source Code Disclosure Vulnerability

Due to an input validation error in IBM HTTP Server for the AS/400, a remote attacker can make a specially crafted web request that displays script source code.

If a '/' is appended to the end of a request for an existing script, then this will cause the script's source code to be displayed.

This issue may result in sensitive information being disclosed to attackers, depending on the contents of the script source code.

*It has been reported that this issue originates in WebSphere Application Server 3.5.4. However, this has not yet been confirmed by the vendor.
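
For reviewing server logs for the request pattern described above, the following is an added example, not part of the original advisory or any vendor tooling. It assumes access logs in Common Log Format and a site-specific list of script extensions (both are assumptions, as are the constructed sample lines); it flags requests for a script name followed only by '/' that were answered with a 200 and a body.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumption: extensions treated as server-side scripts; adjust to the site.
SCRIPT_EXTS = (".jsp", ".cgi", ".pl", ".php", ".asp")

# Common Log Format: host ident user [time] "METHOD target PROTO" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def is_trailing_slash_script(target):
    """True if the request path is a script name followed only by '/' characters."""
    # Drop the query string and decode %2F so an encoded slash is also caught.
    path = unquote(urlsplit(target).path)
    if not path.endswith("/"):
        return False
    return path.rstrip("/").lower().endswith(SCRIPT_EXTS)

def find_disclosure_candidates(lines):
    """Return (host, time, target, size) for matching requests served with a body."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m or not is_trailing_slash_script(m["target"]):
            continue
        size = 0 if m["size"] == "-" else int(m["size"])
        # Only a 200 with a body can have returned source text.
        if m["status"] == "200" and size > 0:
            hits.append((m["host"], m["time"], m["target"], size))
    return hits

# Constructed sample log lines (not taken from a real server).
SAMPLE = [
    '192.0.2.10 - - [12/Mar/2001:10:01:22 +0000] "GET /cgi-bin/login.jsp HTTP/1.0" 200 512',
    '192.0.2.44 - - [12/Mar/2001:10:02:05 +0000] "GET /cgi-bin/login.jsp/ HTTP/1.0" 200 4096',
    '192.0.2.44 - - [12/Mar/2001:10:02:09 +0000] "GET /app/report.pl%2F?id=7 HTTP/1.0" 200 2210',
    '192.0.2.51 - - [12/Mar/2001:10:03:40 +0000] "GET /docs/ HTTP/1.0" 200 1800',
    '192.0.2.44 - - [12/Mar/2001:10:04:11 +0000] "GET /cgi-bin/admin.cgi/ HTTP/1.0" 404 -',
]

if __name__ == "__main__":
    for hit in find_disclosure_candidates(SAMPLE):
        print(hit)
```

Hits are candidates for review: a script that legitimately accepts extra path information can also match, so compare the logged response size with the script's normal output.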


 

Copyright 2010, SecurityFocus