5044 matches found
IBM HTTP Server 1.3.x - Source Code Disclosure
source: https://www.securityfocus.com/bid/3518/info Due to an input validation error in IBM HTTP Server for the AS/400, it is possible for a remote attacker to make a specially web crafted web request which will display script source code. If a '/' is appended to the end of a request for an...
WebSphere application server plugin issue & vendor fix
I've had the opportunity to work with IBM WebSphere application server for a few months now and, in the course of playing around with some buffer overrun testing, a potential issue came up. WebSphere uses the HTTP Host: header to decide which WAS Virtual Host will service a particular request...
IBM Websphere Application Server 3.0.2 Server Plugin - Denial of Service
source: https://www.securityfocus.com/bid/1691/info Large amounts of data ie 1092+ characters in the Host: request header may cause the web server process to fault on signal 11 SIGSEGV or signal 10 SIGBUS. GET /servletsnoop HTTP/1.0 Host: xxxxxxxxxxxxxxxxxxxxxxxx1092+ characters resulted in the...
IBM WebSphere JSP showcode vulnerability
Foundstone, Inc. http://www.foundstone.com "Securing the Dot Com World" Security Advisory IBM WebSphere Application Server ---------------------------------------------------------------------- FS Advisory ID: FS-061200-3-IBM Release Date: June 12, 2000 Product: WebSphere Application Server Vendo...