IBM AS/400 HTTP Server '/' attack

“IBM’s HTTP Server on the AS/400 platform is vulnerable to an attack that will show the source code of the page — such as an .html or .jsp page — by attaching an ‘/’ to the end of a URL. I was told it was a bug but not a security vulnerability. When I explained that Microsoft had a similar bug (asp dot bug) they told me that “they did not share the same source code base.” I replied to this ludicrous reply: “Isn’t it possible that since you developed servers that function in a similar manner you have the same logical bug?” To this they were speechless.” Help Net Security

RELATED ARTICLESMORE FROM AUTHOR

Maintainer Confidential: Challenges and Opportunities One Year On

Bridging Design and Runtime Gaps: AsyncAPI in Event-Driven Architecture

Implementing OpenTelemetry Natively in an Event Broker

Innovation as a Catalyst in Telecommunications

Linux 6.8 Brings More Sound Hardware Support For Intel & AMD, Including The Steam Deck

RELATED ARTICLES MORE FROM AUTHOR