Posted to commits@oodt.apache.org by "Rishi Verma (JIRA)" <ji...@apache.org> on 2013/10/24 02:07:42 UTC

[jira] [Resolved] (OODT-657) Security vulnerability in web-grid allows the listing and downloading of any file on system

     [ https://issues.apache.org/jira/browse/OODT-657?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rishi Verma resolved OODT-657.
------------------------------

    Resolution: Fixed

Resolved in r1535207 (patch 2 applied).

> Security vulnerability in web-grid allows the listing and downloading of any file on system
> -------------------------------------------------------------------------------------------
>
>                 Key: OODT-657
>                 URL: https://issues.apache.org/jira/browse/OODT-657
>             Project: OODT
>          Issue Type: Bug
>          Components: grid, product server
>    Affects Versions: 0.6
>            Reporter: Rishi Verma
>            Priority: Critical
>             Fix For: 0.7
>
>         Attachments: OODT-657.rverma.10-23-2013.patch.2.txt, OODT-657.rverma.10-23-2013.patch.txt
>
>
> The web-grid framework currently has a security vulnerability that allows an attacker to list and download any file on the system.
> As it turns out, the "OFSN" parameter within the URL requests passed to registered product handlers is not validated (for accessing UNIX-style parent directory codes) by either web-grid or the product handlers themselves. Thus, arbitrary file paths (containing the UNIX-style parent directory codes) can be sent in and, in effect, allow the downloading of any file on the system.
> e.g. http://localhost:8080/web-grid-0.7-SNAPSHOT/prod?q=OFSN=/../../../../../etc/passwd+AND+RT%3DRAW
> I'm elevating this issue to critical level.



--
This message was sent by Atlassian JIRA
(v6.1#6144)
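
The missing validation described in the report, sketched as an added example: the OFSN value is resolved against a product root and rejected if the normalized result leaves it. This is not the patch committed in r1535207 and not OODT code; the class name, the product root /data/products and the simplified parsing of the q expression are assumptions, and UNIX-style paths are assumed.

```java
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added illustration, not OODT code: names, root and query parsing are assumptions.
public class OfsnPathCheck {
    // Hypothetical product root; a real handler would read it from its configuration.
    static final Path PRODUCT_ROOT = Paths.get("/data/products");

    // Extracts the OFSN value from an already URL-decoded q expression,
    // e.g. "OFSN=/some/path AND RT=RAW".
    static final Pattern OFSN = Pattern.compile("OFSN=(\\S+)");

    // Returns the resolved path only if it stays inside PRODUCT_ROOT.
    static Optional<Path> resolve(String q) {
        Matcher m = OFSN.matcher(q);
        if (!m.find()) {
            return Optional.empty();
        }
        // Treat OFSN as relative to the root, whatever leading slashes it carries.
        String relative = m.group(1).replaceFirst("^/+", "");
        Path candidate;
        try {
            // normalize() collapses "." and ".." segments before the comparison.
            candidate = PRODUCT_ROOT.resolve(relative).normalize();
        } catch (InvalidPathException e) {
            return Optional.empty(); // e.g. an embedded NUL byte
        }
        // Path.startsWith compares whole name elements, so a sibling such as
        // /data/products-backup does not pass as it would with String.startsWith.
        return candidate.startsWith(PRODUCT_ROOT) ? Optional.of(candidate) : Optional.empty();
    }

    public static void main(String[] args) {
        String[] samples = { // constructed inputs; the second is the request from the report, decoded
            "OFSN=/mission/2013/file.dat AND RT=RAW",
            "OFSN=/../../../../../etc/passwd AND RT=RAW",
            "OFSN=/mission/../../products-backup/x AND RT=RAW",
        };
        for (String q : samples) {
            System.out.println(q + " -> " + resolve(q).map(Path::toString).orElse("REJECTED"));
        }
    }
}
```

normalize() is purely lexical and does not follow symbolic links; where links may exist under the root, compare the result of toRealPath() on both paths instead.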