漏洞类别:Web server漏洞等级: 
漏洞信息
It seems that you are running an IBM Websphere Server. If your server is not an IBM Websphere Server, then you can safely ignore this vulnerability.
IBM Websphere Server Versions 3.0.2, 3.0 and 2.0 are case-sensitive. If you change the letters in a JSP or a JHTML file extension from lower case to upper case, such as .jsp to .JSP, the server will not recognize the file extension and will send the file normally. In that manner, a user is able to access the source code to those specific files.
漏洞危害
As a result of this vulnerability being exploited, a remote unauthorized user is able to access the source code to files.
解决方案
Upgrade to the latest version, which is available for download from the IBM Websphere Application Server Support Web site.
0day
文章评论