ICEfaces
  1. ICEfaces
  2. ICE-3032

file disclosure vulnerability in resource serving

          Details

          • Type: Bug Bug
          • Status: Closed
          • Priority: Critical Critical
          • Resolution: Fixed
          • Affects Version/s: 1.7
          • Fix Version/s: 1.7.1
          • Component/s: Framework
          • Labels:
            None
          • Environment:
            ICEfaces

            Description


            The following URLs allow a client to obtain resources from the file system that should not be exposed to the network:

            http://auctionmonitor.icefaces.org/auctionMonitor/xmlhttp/%c0%af../WEB-INF/web.xml
            http://component-showcase.icefaces.org/component-showcase/xmlhttp/%c0%af../WEB-INF/web.xml

              Activity

              Repository Revision Date User Message
              ICEsoft Public SVN Repository #16613 Thu May 08 15:42:20 MDT 2008 mircea.toma Backport fixes for ICE-3032
              Files Changed
              Commit graph MODIFY /icefaces/branches/icefaces-1.7/icefaces/core/src/com/icesoft/faces/webapp/http/core/ResourceServer.java
              Repository Revision Date User Message
              ICEsoft Public SVN Repository #16558 Wed Apr 30 17:24:10 MDT 2008 mircea.toma Adjust the regular expression.
              ICE-3032
              Files Changed
              Commit graph MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/webapp/http/core/ResourceServer.java

                People

                • Assignee:
                  Unassigned
                  Reporter:
                  Ted Goddard
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  0 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: