IBM Support

PK22928; 6.0.2.9: source code of JSP might be displayed in certain circumstances

Download


Abstract

The source code of a JSP might be displayed for some special URIs.

Download Description

PK22928 resolves the following problem:

ERROR DESCRIPTION
With fileServingEnabled="true", URIs with special characters may be served as plain text, with raw content sent back to the client.

LOCAL FIX

PROBLEM SUMMARY

USERS AFFECTED:
WebSphere Application Server Users of version 6.0.

PROBLEM DESCRIPTION
Source code of a JSP might be displayed for some special URIs.

RECOMMENDATION:
None

With fileServingEnabled="true", URIs with special characters may be served as plain text, with raw content sent back to the client.

PROBLEM CONCLUSION:
A specific JSP URL might expose the JSP source code rather than the JSP page. With this fix, such a request returns a 403 Forbidden error.

The fix is targeted for inclusion in 6.0.2.11. Please refer to the recommended updates page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
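
To see which deployed web modules meet the precondition named above (fileServingEnabled="true") and should be prioritized for this fix, the following added example (not IBM code) walks an installation directory and reads each module's extension descriptor. It assumes the setting lives in WEB-INF/ibm-web-ext.xmi, as in WebSphere Application Server 6.0 web modules. The sample descriptor is constructed, and a descriptor without the attribute is reported as "unset" for manual review.

```python
import os
import xml.etree.ElementTree as ET

EXT_FILE = "ibm-web-ext.xmi"  # assumed descriptor name for WAS 6.0 web modules

def file_serving_state(xmi_text):
    """Return 'enabled', 'disabled' or 'unset' for one descriptor's text."""
    root = ET.fromstring(xmi_text)
    value = root.attrib.get("fileServingEnabled")
    if value is None:
        return "unset"  # attribute absent: the server default applies
    return "enabled" if value.strip().lower() == "true" else "disabled"

def audit(root_dir):
    """Walk root_dir and return sorted (path, state) for each descriptor."""
    results = []
    for dirpath, _dirs, files in os.walk(root_dir):
        if EXT_FILE not in files:
            continue
        path = os.path.join(dirpath, EXT_FILE)
        try:
            with open(path, encoding="utf-8") as fh:
                state = file_serving_state(fh.read())
        except (ET.ParseError, OSError, UnicodeDecodeError):
            state = "unreadable"  # report it rather than skip silently
        results.append((path, state))
    return sorted(results)

def needs_review(results):
    """Modules where the precondition holds or cannot be ruled out."""
    return [path for path, state in results if state != "disabled"]

# Constructed sample descriptor, not taken from a real application.
SAMPLE = ('<webappext:WebAppExtension xmi:version="2.0" '
          'xmlns:xmi="http://www.omg.org/XMI" '
          'xmlns:webappext="webappext.xmi" '
          'xmi:id="WebAppExtension_1" fileServingEnabled="true" '
          'directoryBrowsingEnabled="false"/>')

if __name__ == "__main__":
    import sys
    for path, state in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{state:10} {path}")
```

Run it against the directory that holds the expanded applications. Every path returned by needs_review is a module to check against the fix level listed on this page.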

Prerequisites

Please download the UpdateInstaller below to install this fix.

UpdateInstaller (US English, AIX, size 7250000): http://www.ibm.com/support/docview.wss?rs=180&uid=swg21205991

Installation Instructions

Please review the readme.txt for detailed installation instructions.

Readme (US English, size 4497): ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PK22928/readme.txt
6.0.0.1_6.0.0.2-WS-WAS-IFPK22928 (08-04-2006, US English, AIX, size 13759): ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PK22928/6.0.0.1_6.0.0.2-WS-WAS-IFPK22928.pak

6.0.0.3-WS-WAS-IFPK22928 (08-04-2006, US English, AIX, size 13792): ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PK22928/6.0.0.3-WS-WAS-IFPK22928.pak

6.0.1.0-WS-WAS-IFPK22928 (08-04-2006, US English, AIX, size 13790): ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PK22928/6.0.1.0-WS-WAS-IFPK22928.pak

6.0.1.2-WS-WAS-IFPK22928 (08-04-2006, US English, AIX, size 13798): ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PK22928/6.0.1.2-WS-WAS-IFPK22928.pak

6.0.2.7_6.0.2.9-WS-WAS-IFPK22928 (08-04-2006, US English, AIX, size 23277): ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PK22928/6.0.2.7_6.0.2.9-WS-WAS-IFPK22928.pak

6.0.2_6.0.2.5-WS-WAS-IFPK22928 (08-04-2006, US English, AIX, size 22985): ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PK22928/6.0.2_6.0.2.5-WS-WAS-IFPK22928.pak

Technical Support

Contact IBM Support using SR (http://www-306.ibm.com/software/support/probsub.html), visit the WebSphere Application Server Support Web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).

Product: WebSphere Application Server
Component: Servlet Engine/Web Container
Platform: AIX, HP-UX, Linux, Solaris, Windows, IBM i
Version: 6.0.0.2; 6.0.0.3; 6.0.1; 6.0.1.2; 6.0.2; 6.0.2.1; 6.0.2.2; 6.0.2.3; 6.0.2.4; 6.0.2.5; 6.0.2.6; 6.0.2.7; 6.0.2.9
Edition: Base; Express; Network Deployment

Product: Runtimes for Java Technology
Component: Java SDK

Document Information

Modified date:
15 June 2018

UID

swg24013030