Posted to dev@jspwiki.apache.org by "Harry Metske (JIRA)" <ji...@apache.org> on 2014/06/27 16:54:25 UTC

[jira] [Updated] (JSPWIKI-845) Potential path traversal issue with Search.jsp

     [ https://issues.apache.org/jira/browse/JSPWIKI-845?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Harry Metske updated JSPWIKI-845:
---------------------------------

    Security:     (was: Security Vulnerability Disclosure)

> Potential path traversal issue with Search.jsp
> ----------------------------------------------
>
>                 Key: JSPWIKI-845
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-845
>             Project: JSPWiki
>          Issue Type: Bug
>    Affects Versions: 2.10.1
>            Reporter: Jeff LoBello
>
> Nessus is reporting a security vulnerability in Search.jsp.  Here is the report detail...
> Date: Fri 13 Jun 2014 15:29:51 MET
> Vuln#: 2CN46194 (counted)
> Vulnerability: CGI Generic Path Traversal (write test)
> ToDo: Restrict access to the vulnerable application. Contact the vendor for a patch or upgrade.
> CertRef: 
> Tool Reference: http://www.nessus.org/plugins/index.php?view=single&id=46194
> Comment: 
> NessusOutput:
> Port: 80/tcp
> Using the GET HTTP method, Nessus found that :
> + The following resources may be vulnerable to directory traversal (write access) :
> + The 'query' parameter of the /wiki/Search.jsp CGI :
> /wiki/Search.jsp?details=&start=0&scope=&ok=Find!&maxitems=20&go=Go!&query=Quick%20Navigation../../../../../../../../../../windows/system32/config/sam
> -------- output --------
> HTTP/1.1 302 Found
> -------- vs --------
> HTTP/1.1 200 OK
> ------------------------
> ----------------------------------------
> In my analysis, I do believe this is a real issue.  Normally, the above URL for other searches returns a HTTP 302 response & redirect, but in the above instance it returns a HTTP 200 response, so it does appear suspicious.


