Posted to dev@jspwiki.apache.org by "Florian Holeczek (JIRA)" <ji...@apache.org> on 2011/09/11 01:35:10 UTC

[jira] [Closed] (JSPWIKI-72) Ounce Labs Security Finding: Access Control - Forced Browsing Security Config

     [ https://issues.apache.org/jira/browse/JSPWIKI-72?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Florian Holeczek closed JSPWIKI-72.
-----------------------------------


> Ounce Labs Security Finding: Access Control - Forced Browsing Security Config 
> ------------------------------------------------------------------------------
>
>                 Key: JSPWIKI-72
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-72
>             Project: JSPWiki
>          Issue Type: Bug
>          Components: Authentication&Authorization
>    Affects Versions: 2.4.104
>            Reporter: Cristian Borlovan
>            Assignee: Andrew Jaquith
>             Fix For: 2.6.0
>
>         Attachments: report.pdf
>
>
> Description: 
> Any user (unauthenticated/authenticated/asserted) can force browse to this page and gain pseudo-sensitive information about the security configuration of the application. This page details various security configurations of the site, including the access control definition, etc. Using this information an attacker can determine potential access control weaknesses or misconfigurations related to security. It appears that this page is intended to be accessed only by administrators; however, the access control check on this page is not in place, allowing invocation by any user.
> URL: http://localhost:8080/admin/SecurityConfig.jsp
> Recommendation: 
> Consider calling "wikiContext.hasAccess" and/or the appropriate authorization mechanism to ensure that only privileged administrative users can access this page.
> Related Code Locations: 
> 1 findings:
>   Name:           JSPWiki_2_4_104.admin.SecurityConfig_jsp.jspInit():void
>   Type:           Vulnerability.AccessControl
>   Severity:       High
>   Classification: Vulnerability
>   File Name:      Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\web-root\JSPWiki.war\admin\SecurityConfig.jsp
>   Line / Col:     10 / 0
>   Context:        this . javax.servlet.GenericServlet.getServletConfig ()
>     -----------------------------------

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira