File access problem in webMathematica 1.0.0 and 1.0.0.1

A potential security problem exists in webMathematica 1.0.0 and 1.0.0.1. The problem can allow read access to files on the computer on which webMathematica is running.

Replace your MSP servlet with a new one available from http://support.wolfram.com/webmathematica/security/files/MSP.class. The new servlet can be installed as described below.

The MSP.class file is typically found inside the webMathematica web application in the WEB-INF/classes directory. On Windows a typical location would be:

C:\Program Files\Apache Tomcat 4.0\webapps\webMathematica\WEB-INF\classes

while on Linux/Unix a typical location would be:

/usr/local/tomcat/webapps/webMathematica/WEB-INF/classes

After installing the new MSP.class you should restart your server.

You may also wish to update the copy of the MSP.class file which is found in the Mathematica MSP application. This is only provided for an archive, as typically, the version in the webMathematica web application is used. On Windows a typical location might be

C:\Program Files\Wolfram Research\Mathematica\4.1\AddOns\Applications\MSP\SystemAdditions\Servlets

while on Linux/Unix a typical location might be:

/usr/local/mathematica/AddOns/Applications/MSP/SystemAdditions/Servlets

If you use Apache JServ, or make use of the images servlet you may wish to update your images.class as well. This is described here. You may skip this step if you use a servlet container that supports web applications such as Apache Tomcat and you do not intend ever to use the images servlet.

Download this FAQ as a Mathematica 5.2 Notebook

Questions or comments? Send email to support@wolfram.com.