You're right. But the distinction is important. If you take your car to a
mechanic and say "change the spark plug because my car won't start" and the
mechanic replies "It's not the spark plug, but rather the boot" then this
is important -- changing the spark plug won't fix the problem you reported.

In this case, someone reported that the Web server was serving JSP source
and it needed to be fixed. The response was "it's not the Web server, it's
WebSphere." Just as in the above scenario, the distinction is very
important.

By the way, this situation can also be caused by the administrator using
PASS statements that are too "liberal" in the "Original" Web server config
file (e.g. PASS /* /mywebapps-which-include-JSP-files-in-the-html-directory/*).
In general it is a bad idea to have a PASS statement for "/*".

Patrick Botz
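
An added example, not part of the original message or of any IBM tooling: a small audit of PASS directives that flags a catch-all "/*" rule and any rule whose file template would hand out a .jsp file as a static document. The sample configuration, the file inventory and all paths are constructed, and treating file templates as shell-style globs is an assumption.

```python
import fnmatch

# Constructed sample of an "Original" Web server config; paths are illustrative.
SAMPLE_CONFIG = """\
# web server mapping rules
Pass /images/*     /www/site/images/*
Pass /mywebapps/*  /www/mywebapps/html/*
Pass /*            /www/site/html/*
"""

# Constructed inventory of files on disk (e.g. gathered from a directory listing).
SAMPLE_FILES = [
    "/www/site/images/logo.gif",
    "/www/mywebapps/html/index.html",
    "/www/mywebapps/html/order.jsp",
    "/www/site/html/index.html",
]


def parse_pass_rules(config_text):
    """Yield (line_no, url_template, file_template) for each Pass directive."""
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].lower() == "pass" and len(fields) >= 2:
            # Assumption: a Pass without a replacement path serves the
            # request path unchanged, so the URL template is the file template.
            target = fields[2] if len(fields) > 2 else fields[1]
            yield line_no, fields[1], target


def audit_pass_rules(config_text, files):
    """Return findings for catch-all Pass rules and rules that expose JSP source."""
    findings = []
    for line_no, url_tpl, file_tpl in parse_pass_rules(config_text):
        if url_tpl == "/*":
            findings.append((line_no, "catch-all", url_tpl))
        for path in files:
            # Assumption: the file template behaves like a shell-style glob.
            if fnmatch.fnmatchcase(path, file_tpl) and path.lower().endswith(".jsp"):
                findings.append((line_no, "serves-jsp-source", path))
    return findings


if __name__ == "__main__":
    for finding in audit_pass_rules(SAMPLE_CONFIG, SAMPLE_FILES):
        print(finding)
```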




                    "Walden H. Leverich"
                    <WaldenL@TechSoftInc.com>
                    Sent by: security400-admin@midrange.com
                    11/26/2001 10:01 AM
                    Please respond to security400

                    To: "'security400@midrange.com'" <security400@midrange.com>
                    cc:
                    Subject: RE: [Security400] FW: IBM AS/400 HTTP Server '/' attack





Isn't that somewhat like a mechanic saying "It's not the spark plug, but
rather the boot?" Either way, my car won't start!

-Walden

------------
Walden H Leverich III
President
Tech Software
(516)627-3800 x11
WaldenL@TechSoftInc.com
http://www.TechSoftInc.com



-----Original Message-----
From: Hall, Philip [mailto:phall@spss.com]
Sent: Monday, November 26, 2001 10:48 AM
To: 'security400@midrange.com'
Subject: [Security400] FW: IBM AS/400 HTTP Server '/' attack


Again, FYI:

> -----Original Message-----
> From: Thomas Reinke [mailto:reinke@e-softinc.com]
> Sent: Wednesday, November 21, 2001 3:50 PM
> To: bugtraq
> Subject: Re: IBM AS/400 HTTP Server '/' attack
>
>
> According to a source from IBM,
>
>    1. It is the WebSphere version 3.5.4 of the File Serving Servlet
>       that is vulnerable, not the web server.
>
>    2. A fix is to be available in fixpack 5 due at end of November.
>
> Thomas
>
_______________________________________________
This is the Security Administration on the AS400 / iSeries (Security400)
mailing list
To post a message email: Security400@midrange.com
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/cgi-bin/listinfo/security400
or email: Security400-request@midrange.com
Before posting, please take a moment to review the archives
at http://archive.midrange.com/security400.