[ICE-3032] file disclosure vulnerability in resource serving - ICEsoft JIRA Issue Tracker

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 1.7
Fix Version/s: 1.7.1
Component/s: Framework
Labels:
None
Environment:
ICEfaces

Description

The following URLs allow a client to obtain resources from the file system that should not be exposed to the network:

http://auctionmonitor.icefaces.org/auctionMonitor/xmlhttp/%c0%af../WEB-INF/web.xml
http://component-showcase.icefaces.org/component-showcase/xmlhttp/%c0%af../WEB-INF/web.xml

Activity

Hide

Permalink

Mircea Toma added a comment - 30/Apr/08 6:27 PM

Adjust the regular expression used for serving files.

Show

Mircea Toma added a comment - 30/Apr/08 6:27 PM Adjust the regular expression used for serving files.

People

Assignee:

Unassigned

Reporter:

Ted Goddard

Votes:

0 Vote for this issue

Watchers:

0 Start watching this issue

Dates

Created:

30/Apr/08 11:14 AM

Updated:

07/Jul/08 12:40 PM

Resolved:

30/Apr/08 6:27 PM