ICEfaces
  1. ICEfaces
  2. ICE-3032

file disclosure vulnerability in resource serving

          Details

          • Type: Bug Bug
          • Status: Closed
          • Priority: Critical Critical
          • Resolution: Fixed
          • Affects Version/s: 1.7
          • Fix Version/s: 1.7.1
          • Component/s: Framework
          • Labels:
            None
          • Environment:
            ICEfaces

            Description


            The following URLs allow a client to obtain resources from the file system that should not be exposed to the network:

            http://auctionmonitor.icefaces.org/auctionMonitor/xmlhttp/%c0%af../WEB-INF/web.xml
            http://component-showcase.icefaces.org/component-showcase/xmlhttp/%c0%af../WEB-INF/web.xml

              Activity

              Ascending order - Click to sort in descending order
              Ted Goddard created issue -
              Ted Goddard made changes -
              Field Original Value New Value
              Assignee Mircea Toma [ mircea.toma ]
              Ted Goddard made changes -
              Priority Major [ 3 ] Critical [ 2 ]
              Ken Fyten made changes -
              Fix Version/s 1.7.1 [ 10122 ]
              Assignee Priority P1
              Repository Revision Date User Message
              ICEsoft Public SVN Repository #16558 Wed Apr 30 17:24:10 MDT 2008 mircea.toma Adjust the regular expression.
              ICE-3032
              Files Changed
              Commit graph MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/webapp/http/core/ResourceServer.java
              Hide
              Permalink
              Mircea Toma added a comment -

              Adjust the regular expression used for serving files.

              Show
              Mircea Toma added a comment - Adjust the regular expression used for serving files.
              Mircea Toma made changes -
              Status Open [ 1 ] Resolved [ 5 ]
              Resolution Fixed [ 1 ]
              Repository Revision Date User Message
              ICEsoft Public SVN Repository #16613 Thu May 08 15:42:20 MDT 2008 mircea.toma Backport fixes for ICE-3032
              Files Changed
              Commit graph MODIFY /icefaces/branches/icefaces-1.7/icefaces/core/src/com/icesoft/faces/webapp/http/core/ResourceServer.java
              Ken Fyten made changes -
              Security Private [ 10001 ]
              Ken Fyten made changes -
              Status Resolved [ 5 ] Closed [ 6 ]
              Assignee Priority P1
              Assignee Mircea Toma [ mircea.toma ]

                People

                • Assignee:
                  Unassigned
                  Reporter:
                  Ted Goddard
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  0 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: