Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-1112: IBM Websphere Application Server vulnerability

6 documents, 4 sources

Severity: 5.0 MEDIUM (NVD)
EPSS: 12.2% (top 6.15%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published May 2; latest update May 1

Description

IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via an HTTP request with an invalid Host header, which causes the page to be processed by the web server instead of the JSP engine.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages: 1 package

🔴 Vulnerability Details (2)

GHSA: GHSA-c7g9-qv7w-xrwq: IBM WebSphere Application Server 6 (2022-05-01)
CVEList: CVE-2005-1112: IBM WebSphere Application Server 6 (2005-04-16)

💥 Exploits & PoCs (3)

Exploit-DB: IBM Websphere 5.0/5.1/6.0 - Application Server Web Server Root JSP Source Code Disclosure (2005-04-13)
Exploit-DB: Magic Winmail Server 4.0 (Build 1112) - 'download.php' Traversal Arbitrary File Access (2005-01-27)
Exploit-DB: Magic Winmail Server 4.0 (Build 1112) - 'upload.php' Traversal Arbitrary File Upload (2005-01-27)