Vulnerability Description
IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via an HTTP request with an invalid Host header, which causes the page to be processed by the web server instead of the JSP engine.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Websphere Application Server | 5.0 |
References
- http://marc.info/?l=bugtraq&m=111342594129109&w=2
- http://secunia.com/advisories/14962Vendor Advisory
- http://securitytracker.com/id?1013697Vendor Advisory
- http://www.osvdb.org/15501
- http://www.securityfocus.com/bid/13160
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20099
- http://marc.info/?l=bugtraq&m=111342594129109&w=2
- http://secunia.com/advisories/14962Vendor Advisory
- http://securitytracker.com/id?1013697Vendor Advisory
- http://www.osvdb.org/15501
- http://www.securityfocus.com/bid/13160
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20099
FAQ
What is CVE-2005-1112?
CVE-2005-1112 is a vulnerability with a CVSS score of 5.0 (MEDIUM). IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via an HTTP request w...
How severe is CVE-2005-1112?
CVE-2005-1112 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-1112?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Websphere Application Server.