Author: JT Smith
“IBM’s HTTP Server on the AS/400 platform is vulnerable to an attack that will show the source code of the page — such as an .html or .jsp page — by attaching an ‘/’ to the end of a URL. I was told it was a bug but not a security vulnerability. When I explained that Microsoft had a similar bug (asp dot bug) they told me that “they did not share the same source code base.” I replied to this ludicrous reply: “Isn’t it possible that since you developed servers that function in a similar manner you have the same logical bug?” To this they were speechless.” Help Net Security
Category:
- Linux