IBM WebSphere allows remote malicious users to read source code for executable web files by directly calling the default InvokerServlet using a URL which contains the "/servlet/file" string.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm websphere application server 3.0.21 |
||
ibm websphere application server 2.0 |
||
ibm websphere application server 3.0 |