Wednesday, March 01, 2006

WebSphere Application Server Security Flash

WebSphere Application Server Support has issued a security flash: Security: Possible security exposure with JSP source code on IBM WebSphere Application Server Version 5 (PK13792 and PK20181) here are the details:
Under some circumstances, the JavaServer Pages (JSP) source code is returned instead of the formatted output.
Affected versions: WAS 5.0.2.x and 5.1.1.x
Does not affect WAS 6.x

Interim Fixes have been released for the affected versions.
Interim Fix PK13792 (PK13792_50210_50215.jar) - For WebSphere Application Server 5.0.2.x
Interim Fix PK13792 (PK13792_5114_5118.jar) - For WebSphere Application Server 5.1.1 cumulative fix 4 through cumulative fix 8.
Interim Fix PK20181 (PK20181_5119.jar) - For WebSphere Application Server 5.1.1 cumulative fix 9.

These fixes will be rolled into the next cumulative release. The future cumulative fixes for the affected product versions will include these fixes.

To get notified of announcements like this in the future, subscribe to IBM's RSS feed for WAS.

No comments:

Post a Comment