Details
Description
The following URLs allow a client to obtain resources from the file system that should not be exposed to the network:
http://auctionmonitor.icefaces.org/auctionMonitor/xmlhttp/%c0%af../WEB-INF/web.xml
http://component-showcase.icefaces.org/component-showcase/xmlhttp/%c0%af../WEB-INF/web.xml
Activity
Ted Goddard
created issue -
Ted Goddard
made changes -
Field | Original Value | New Value |
---|---|---|
Assignee | Mircea Toma [ mircea.toma ] |
Ted Goddard
made changes -
Priority | Major [ 3 ] | Critical [ 2 ] |
Ken Fyten
made changes -
Fix Version/s | 1.7.1 [ 10122 ] | |
Assignee Priority | P1 |
Repository | Revision | Date | User | Message |
ICEsoft Public SVN Repository | #16558 | Wed Apr 30 17:24:10 MDT 2008 | mircea.toma | Adjust the regular expression. |
Files Changed | ||||
MODIFY
/icefaces/trunk/icefaces/core/src/com/icesoft/faces/webapp/http/core/ResourceServer.java
|
Mircea Toma
made changes -
Status | Open [ 1 ] | Resolved [ 5 ] |
Resolution | Fixed [ 1 ] |
Repository | Revision | Date | User | Message |
ICEsoft Public SVN Repository | #16613 | Thu May 08 15:42:20 MDT 2008 | mircea.toma | Backport fixes for |
Files Changed | ||||
MODIFY
/icefaces/branches/icefaces-1.7/icefaces/core/src/com/icesoft/faces/webapp/http/core/ResourceServer.java
|
Ken Fyten
made changes -
Security | Private [ 10001 ] |
Ken Fyten
made changes -
Status | Resolved [ 5 ] | Closed [ 6 ] |
Assignee Priority | P1 | |
Assignee | Mircea Toma [ mircea.toma ] |
Adjust the regular expression used for serving files.