Posted to dev@jspwiki.apache.org by "Florian Holeczek (JIRA)" <ji...@apache.org> on 2011/09/11 02:05:09 UTC

[jira] [Closed] (JSPWIKI-83) Ounce Labs Security Finding: DOS - Readlines

     [ https://issues.apache.org/jira/browse/JSPWIKI-83?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Florian Holeczek closed JSPWIKI-83.
-----------------------------------


> Ounce Labs Security Finding: DOS - Readlines 
> ---------------------------------------------
>
>                 Key: JSPWIKI-83
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-83
>             Project: JSPWiki
>          Issue Type: Bug
>    Affects Versions: 2.4.104
>            Reporter: Cristian Borlovan
>            Priority: Minor
>         Attachments: report.pdf
>
>
> Description:
> The application contains a variety of different locations where unbound reads may theoretically expose the application to DOS attacks. If an attacker is capable of controlling whether the reads continue he may cause the DOS attack.
> Recommendation:
> Ensure that the reads are bound by a certain threshold to prevent DOS potentials.
> Related Code Locations: 
> 11 findings:
>   Name:           com.ecyrd.jspwiki.diff.ExternalDiffProvider.colorizeDiff(java.lang.String):java.lang.String
>   Type:           Vulnerability.AppDOS
>   Severity:       Low
>   Classification: Vulnerability
>   File Name:      Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\src\com\ecyrd\jspwiki\diff\ExternalDiffProvider.java
>   Line / Col:     165 / 0
>   Context:        in . java.io.BufferedReader.readLine ()
>      -----------------------------------
>   Name:           com.ecyrd.jspwiki.providers.RCSFileProvider.getPageInfo(java.lang.String;int):com.ecyrd.jspwiki.WikiPage
>   Type:           Vulnerability.AppDOS
>   Severity:       Low
>   Classification: Vulnerability
>   File Name:      Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\src\com\ecyrd\jspwiki\providers\RCSFileProvider.java
>   Line / Col:     148 / 0
>   Context:        stdout . java.io.BufferedReader.readLine ()
>      -----------------------------------
>   Name:           com.ecyrd.jspwiki.SearchMatcher.matchPageContent(java.lang.String;java.lang.String):com.ecyrd.jspwiki.SearchResult
>   Type:           Vulnerability.AppDOS
>   Severity:       Low
>   Classification: Vulnerability
>   File Name:      Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\src\com\ecyrd\jspwiki\SearchMatcher.java
>   Line / Col:     67 / 0
>   Context:        in . java.io.BufferedReader.readLine ()
>      -----------------------------------
>   Name:           com.ecyrd.jspwiki.providers.RCSFileProvider.getVersionHistory(java.lang.String):java.util.List
>   Type:           Vulnerability.AppDOS
>   Severity:       Low
>   Classification: Vulnerability
>   File Name:      Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\src\com\ecyrd\jspwiki\providers\RCSFileProvider.java
>   Line / Col:     471 / 0
>   Context:        stdout . java.io.BufferedReader.readLine ()
>      -----------------------------------
>   Name:           com.ecyrd.jspwiki.providers.RCSFileProvider.getPageText(java.lang.String;int):java.lang.String
>   Type:           Vulnerability.AppDOS
>   Severity:       Low
>   Classification: Vulnerability
>   File Name:      Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\src\com\ecyrd\jspwiki\providers\RCSFileProvider.java
>   Line / Col:     278 / 0
>   Context:        stderr . java.io.BufferedReader.readLine ()
>      -----------------------------------
>   Name:           com.ecyrd.jspwiki.FileUtil.runSimpleCommand(java.lang.String;java.lang.String):java.lang.String
>   Type:           Vulnerability.AppDOS
>   Severity:       Low
>   Classification: Vulnerability
>   File Name:      Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\src\com\ecyrd\jspwiki\FileUtil.java
>   Line / Col:     114 / 0
>   Context:        stderr . java.io.BufferedReader.readLine ()
>      -----------------------------------
>   Name:           com.ecyrd.jspwiki.FileUtil.runSimpleCommand(java.lang.String;java.lang.String):java.lang.String
>   Type:           Vulnerability.AppDOS
>   Severity:       Low
>   Classification: Vulnerability
>   File Name:      Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\src\com\ecyrd\jspwiki\FileUtil.java
>   Line / Col:     108 / 0
>   Context:        stdout . java.io.BufferedReader.readLine ()
>      -----------------------------------
>   Name:           com.ecyrd.jspwiki.providers.RCSFileProvider.deleteVersion(java.lang.String;int):void
>   Type:           Vulnerability.AppDOS
>   Severity:       Low
>   Classification: Vulnerability
>   File Name:      Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\src\com\ecyrd\jspwiki\providers\RCSFileProvider.java
>   Line / Col:     605 / 0
>   Context:        stderr . java.io.BufferedReader.readLine ()
>      -----------------------------------
>   Name:           com.ecyrd.jspwiki.filters.SpamFilter.parseBlacklist(java.lang.String):java.util.Collection
>   Type:           Vulnerability.AppDOS
>   Severity:       Low
>   Classification: Vulnerability
>   File Name:      Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\src\com\ecyrd\jspwiki\filters\SpamFilter.java
>   Line / Col:     224 / 0
>   Context:        in . java.io.BufferedReader.readLine ()
>      -----------------------------------
>   Name:           com.ecyrd.jspwiki.providers.RCSFileProvider.getPageInfo(java.lang.String;int):com.ecyrd.jspwiki.WikiPage
>   Type:           Vulnerability.AppDOS
>   Severity:       Low
>   Classification: Vulnerability
>   File Name:      Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\src\com\ecyrd\jspwiki\providers\RCSFileProvider.java
>   Line / Col:     212 / 0
>   Context:        stdout . java.io.BufferedReader.readLine ()
>      -----------------------------------
>   Name:           com.ecyrd.jspwiki.providers.RCSFileProvider.putPageText(com.ecyrd.jspwiki.WikiPage;java.lang.String):void
>   Type:           Vulnerability.AppDOS
>   Severity:       Low
>   Classification: Vulnerability
>   File Name:      Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\src\com\ecyrd\jspwiki\providers\RCSFileProvider.java
>   Line / Col:     394 / 0
>   Context:        error . java.io.BufferedReader.readLine ()
>      -----------------------------------
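
The recommendation above (bound every read by a threshold) is what the eleven `BufferedReader.readLine()` findings have in common: `readLine()` buffers until it sees a terminator, so a stream whose producer the attacker influences (a subprocess's stdout/stderr, a blacklist fetched over the network) can grow the heap without limit. The following is an added illustration written for this ticket, not JSPWiki code and not the fix applied to the project; the class name `BoundedLineReader`, the method `readAllLines`, the exception type and the sample inputs are all assumptions. It keeps the `readLine()` contract (terminators `\n`, `\r`, `\r\n` stripped, `null` at end of stream) but refuses a line longer than `maxLineChars` and a stream longer than `maxTotalChars` instead of buffering it.

```java
import java.io.IOException;
import java.io.PushbackReader;
import java.io.Reader;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;

/**
 * Bounded replacement for the unbounded "while ((line = in.readLine()) != null)"
 * loops listed in the finding. Constructed example for this ticket, not JSPWiki
 * code; the class and method names are assumptions.
 */
public final class BoundedLineReader {

    /** Raised when a single line or the total input exceeds the configured bound. */
    public static final class InputTooLargeException extends IOException {
        private static final long serialVersionUID = 1L;
        InputTooLargeException(String message) { super(message); }
    }

    private final PushbackReader in;   // one char of pushback is enough to join \r\n
    private final int maxLineChars;
    private final long maxTotalChars;
    private long totalChars;

    public BoundedLineReader(Reader in, int maxLineChars, long maxTotalChars) {
        if (maxLineChars <= 0 || maxTotalChars <= 0) {
            throw new IllegalArgumentException("bounds must be positive");
        }
        this.in = new PushbackReader(in);
        this.maxLineChars = maxLineChars;
        this.maxTotalChars = maxTotalChars;
    }

    /**
     * Same contract as BufferedReader.readLine(): \n, \r and \r\n terminate a line
     * and are stripped, null is returned at end of stream. Unlike readLine(), an
     * over-long line or an over-long stream ends in InputTooLargeException rather
     * than in an ever-growing buffer.
     */
    public String readLine() throws IOException {
        StringBuilder line = new StringBuilder();
        int c;
        while ((c = in.read()) != -1) {
            count(1);
            if (c == '\n') {
                return line.toString();
            }
            if (c == '\r') {
                int next = in.read();
                if (next == '\n') {
                    count(1);                 // \r\n is one terminator
                } else if (next != -1) {
                    in.unread(next);          // bare \r: give the char back
                }
                return line.toString();
            }
            if (line.length() >= maxLineChars) {
                throw new InputTooLargeException("line longer than " + maxLineChars + " chars");
            }
            line.append((char) c);
        }
        return line.length() == 0 ? null : line.toString();
    }

    /** Cumulative bound across all lines, so many short lines cannot bypass the per-line limit. */
    private void count(int n) throws IOException {
        totalChars += n;
        if (totalChars > maxTotalChars) {
            throw new InputTooLargeException("input longer than " + maxTotalChars + " chars");
        }
    }

    /** Drains a stream (for example a child process's stdout) into a list of lines under the bounds. */
    public static List<String> readAllLines(Reader in, int maxLineChars, long maxTotalChars)
            throws IOException {
        BoundedLineReader reader = new BoundedLineReader(in, maxLineChars, maxTotalChars);
        List<String> lines = new ArrayList<>();
        String line;
        while ((line = reader.readLine()) != null) {
            lines.add(line);
        }
        return lines;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: RCS-style output with mixed line endings, within the bounds.
        String ok = "head: 1.3\r\nbranch:\nlocks: strict\r";
        System.out.println(readAllLines(new StringReader(ok), 1024, 4096));

        // Constructed hostile input: one 100 000-char line with no terminator at all.
        StringBuilder hostile = new StringBuilder();
        for (int i = 0; i < 100_000; i++) {
            hostile.append('x');
        }
        try {
            readAllLines(new StringReader(hostile.toString()), 1024, 4096);
        } catch (InputTooLargeException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

When the bounded reader is used on a subprocess's stdout or stderr, as in the `RCSFileProvider` and `FileUtil.runSimpleCommand` findings, catching `InputTooLargeException` should be followed by destroying the process rather than simply returning: a child that is still writing into a pipe nobody drains will block, and both streams still need a consumer (or stderr redirected into stdout) so the bound is applied to everything the child can emit.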

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira