Description
IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via an HTTP request with an invalid Host header, which causes the page to be processed by the web server instead of the JSP engine.
Product(s):
- IBM WebSphere Application Server 5.0.1
- IBM WebSphere Application Server 5.0.2.1
- IBM WebSphere Application Server 5.0.2.3
- IBM WebSphere Application Server 5.0.2.4
- IBM WebSphere Application Server 5.0.2.5
- IBM WebSphere Application Server 5.0.2.6
- IBM WebSphere Application Server 5.0.2.7
- IBM WebSphere Application Server 5.0.2.8
- IBM WebSphere Application Server 5.0.2.9
- IBM WebSphere Application Server 5.0.2
- IBM WebSphere Application Server 5.0
- IBM WebSphere Application Server 5.1.0.2
- IBM WebSphere Application Server 5.1.0.4
- IBM WebSphere Application Server 5.1.0.5
- IBM WebSphere Application Server 5.1.0
- IBM WebSphere Application Server 5.1.1.1
- IBM WebSphere Application Server 5.1.1.2
- IBM WebSphere Application Server 5.1.1.3
- IBM WebSphere Application Server 5.1.1
- IBM WebSphere Application Server 6.0
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2005-1112, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2005-1112 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.