CVE-2006-6637 Information

Description

The Servlet Engine and Web Container in IBM WebSphere Application Server (WAS) before 6.0.2.17 when ibm-web-ext.xmi sets fileServingEnabled to true and servlet caching is enabled allows remote attackers to obtain JSP source code and other sensitive information via \specific requests.\

Reference

http://secunia.com/advisories/23414 http://secunia.com/advisories/24478 http://www.securityfocus.com/bid/21636 http://www.securityfocus.com/bid/22991 http://www.vupen.com/english/advisories/2006/5050 http://www.vupen.com/english/advisories/2007/0970 http://www-1.ibm.com/support/docview.wss?uid=swg21243541 http://www-1.ibm.com/support/docview.wss?uid=swg24015155 http://www-1.ibm.com/support/docview.wss?uid=swg27006876