WebSphere Application Server V6.0 Security advisory

21 April 2005

Remote Vulnerabilities in WebSphere Application Server

Synopsis: Dr_insane has discovered some remote vulnerabilities in WebSphere Application Server V6.0. WebSphere®
Application Server is a Java™ 2 Enterprise Edition (J2EE™) and Web services technology-based application platform,
delivering a high-performance and extremely scalable transaction engine for dynamic e-business applications.
The vulnerabilities allow a remote attacker to execute arbitrary script code in a user's
browser session in the context of a vulnerable site, as well as to reveal the source code of .jsp files.

Affected Systems:
WebSphere Application Server V6.0 for Windows

Description:
The first vulnerability is a basic cross-site scripting issue that a remote attacker can use
to execute script code in a user's browser session in the context of a vulnerable site.
WebSphere Application Server V6.0 comes with a default 404 error page. This 404 error page displays
the path of the requested file without filtering it for hazardous characters.

example: http://127.0.0.1:9080/<script>alert()</script>.jsp

The second vulnerability can be used to read the source code of .jsp files. Appending a URL-encoded
space (%20) to the name of the .jsp file in the request returns its source code.

example: http://127.0.0.1:9080/somefile.jsp%20
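
A log check for the two request shapes described above, as an added example that is not part of the original advisory. The access-log format, the sample lines, the status codes and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line and status inside a common/combined-format access log entry
# (assumed format; adjust the pattern to the log layout actually in use).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample lines (documentation IP range, made-up sizes and statuses).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Apr/2005:10:00:01 +0000] "GET /index.jsp HTTP/1.1" 200 5120',
    '192.0.2.11 - - [21/Apr/2005:10:00:07 +0000] '
    '"GET /%3Cscript%3Ealert()%3C/script%3E.jsp HTTP/1.1" 404 312',
    '192.0.2.12 - - [21/Apr/2005:10:00:09 +0000] "GET /somefile.jsp%20 HTTP/1.1" 200 2048',
    '192.0.2.13 - - [21/Apr/2005:10:00:12 +0000] "GET /docs/my%20file.html HTTP/1.1" 200 900',
]


def classify(path):
    """Return which of the advisory's two issues a raw request path matches."""
    # Only the path matters here; decode it the way the server would see it.
    decoded = unquote(path.split("?", 1)[0])
    findings = []
    # Issue 1: HTML metacharacters in the path, which the default 404 page echoes.
    if re.search(r'[<>"\']', decoded):
        findings.append("html-metachar-in-path")
    # Issue 2: a .jsp name followed only by whitespace (%20 decodes to a space).
    if re.search(r"\.jsp\s+$", decoded, re.IGNORECASE):
        findings.append("jsp-trailing-space")
    return findings


def scan(lines):
    """Return (finding, status, raw_path) for every matching log line."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a request line we recognise
        path, status = match.group(1), int(match.group(2))
        for finding in classify(path):
            hits.append((finding, status, path))
    return hits


if __name__ == "__main__":
    for finding, status, path in scan(SAMPLE_LOG):
        print(f"{finding:24} status={status} path={path}")
```

An encoded space inside a file name, as in the last sample line, is not flagged; only a .jsp name with trailing whitespace is.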


Credit:
Dr_insane
dr_insane@pathfinder.gr