Exploitation Summary
EIP tracks 1 public exploit for CVE-2005-1112. PoCs published by SPI Labs.
AI-analyzed exploit summary
The exploit demonstrates a JSP source disclosure vulnerability in IBM WebSphere Application Server by sending a crafted HTTP request with a non-existent Host header. This forces the server to leak the source code of the requested JSP file under specific non-default configurations.
Description
IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via an HTTP request with an invalid Host header, which causes the page to be processed by the web server instead of the JSP engine.
Exploits (1)