From lovehacker@263.NET Wed Mar 28 19:02:30 2001
From: lovehacker <lovehacker@263.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
Date: Wed, 28 Mar 2001 06:55:46 -0000
Subject: [BUGTRAQ] CHINANSL Security Advisory(CSA-200107)

Topic:
IBM WCS 4.0.1 + Application Server 3.0.2 for Solaris 
2.7 show ".jsp" source Vulnerability.

vulnerable:
Solaris 2.7
    + IBM WCS4.0,Application Server 3.0.2

discussion:
follow URL insert "/" will be downloading ".jsp" source.

exploits:
http://target/index.jsp/

solution:
to 
http://www.ibm.com/software/webservers/appserv/efi
x.html download new fix .

Copyright 2000-2001 CHINANSL. All Rights 
Reserved. Terms of use. 

CHINANSL Security Team 
<lovehacker@chinansl.com> 
CHINANSL INFORMATION TECHNOLOGY CO.,LTD 
(http://www.chinansl.com)