| VID |
22032 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
IBM's HTTP Server on the AS/400 platform is vulnerable to an attack that will show the source code of the page -- such as an .html or .jsp page -- by attaching an '/' to the end of a URL. For examples, If an attacker requests the URL, 'http://www.foo.com/getsource.jsp/' to an affected server, www.foo.com, then the server will deliver the web source code to the browser. |
| Recommendation |
No remedy available as of June 2014. Contact your vendor for a patch. |
| Related URL |
CVE-2001-0446 (CVE) |
| Related URL |
3518 (SecurityFocus) |
| Related URL |
6308,7490 (ISS) |
|
