Note: This is an archival copy of Security Sun Alert 201030 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000767.1.
Date of Resolved Release
It may be possible to view the source code of JavaServer Pages (JSP) applications.
This issue can occur in the following releases:
Note: Sun ONE Application Server 6.0 and Sun ONE Application Server 7.0 and later releases are not affected.
All architectures and platforms are impacted by this issue. For supported architectures and OS versions see:
There are no symptoms that would show the described issue has been exploited.
To work around the described issue, register JSPs in the web.xml file and use a servlet mapping to hide the JSP file names. For more information, please see:
This issue is addressed in the following releases:
The above releases are available for download at:
Sun ONE Application Server 6.5, Enterprise Edition
This solution has no attachment