IBM HTTP Server Source Code Disclosure Vulnerability

IBM HTTP Server Source Code Disclosure Vulnerability

Due to an input validation error in IBM HTTP Server for the AS/400, it is possible for a remote attacker to make a specially web crafted web request which will display script source code.

If a '/' is appended to the end of a request for an existing script, then this will cause the script's source code to be displayed.

There is a potential that this issue may result in sensitive information being disclosed to attackers, depending on the contents of the script source code.

*It has been reported that the source of this issue is due to WebSphere Application server 3.5.4. However this has not yet been confirmed by the vendor.