Rishi Verma created OODT-657:
--------------------------------
Summary: Security vulnerability in web-grid allows the listing and downloading of any file on the system
Key: OODT-657
URL: https://issues.apache.org/jira/browse/OODT-657
Project: OODT
Issue Type: Bug
Components: grid, product server
Affects Versions: 0.6
Reporter: Rishi Verma
Priority: Critical
Fix For: 0.7
The web-grid framework currently has a security vulnerability that allows an
attacker to list and download any file on the system.
As it turns out, the "OFSN" parameter within the URL requests passed to
registered product handlers is not validated by either web-grid or the product
handlers themselves. Thus, arbitrary file paths can be sent in and, in effect,
allow the downloading of any file on the system.
e.g.
http://localhost:8080/web-grid-0.7-SNAPSHOT/prod?q=OFSN=/../../../../../etc/passwd+AND+RT%3DRAW
I'm elevating this issue to critical level.
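As an added illustration (not OODT's own code), the validation the report says is missing: parse a web-grid style q parameter, map the OFSN onto a fixed product root, and refuse any value whose normalised path escapes that root. PRODUCT_ROOT and the function names are assumptions.

```python
import posixpath
from urllib.parse import urlsplit, parse_qs

# Hypothetical root directory the product handler is allowed to serve from.
PRODUCT_ROOT = "/data/products"


def parse_q(url):
    """Split a web-grid style query ('q=OFSN=<path> AND RT=RAW') into a dict.

    parse_qs turns '+' into space and '%3D' into '=', and splits each pair
    only on its first '=', so the OFSN value keeps its own '/' characters.
    """
    q = parse_qs(urlsplit(url).query).get("q", [""])[0]
    terms = {}
    for clause in q.split(" AND "):
        key, _, value = clause.partition("=")
        terms[key.strip()] = value.strip()
    return terms


def resolve_ofsn(ofsn, root=PRODUCT_ROOT):
    """Map an OFSN onto a path under root, or return None if it escapes root.

    The OFSN is treated as relative to root even when it starts with '/',
    then normalised lexically so '..' segments collapse before the containment
    check. A deployed handler should also realpath() the result so a symlink
    inside root cannot point outside it.
    """
    root = posixpath.normpath(root)
    candidate = posixpath.normpath(posixpath.join(root, ofsn.lstrip("/")))
    if candidate == root or candidate.startswith(root + "/"):
        return candidate
    return None


def path_for_request(url, root=PRODUCT_ROOT):
    """Return the file to serve for a /prod request, or None to refuse it."""
    ofsn = parse_q(url).get("OFSN")
    if not ofsn:
        return None
    return resolve_ofsn(ofsn, root)


if __name__ == "__main__":
    # The request quoted in the report, reconstructed from the issue text.
    bad = "http://localhost:8080/web-grid-0.7-SNAPSHOT/prod?q=OFSN=/../../../../../etc/passwd+AND+RT%3DRAW"
    print(path_for_request(bad))  # None: refused
    print(path_for_request("http://localhost:8080/web-grid-0.7-SNAPSHOT/prod?q=OFSN=2013/granule.dat+AND+RT%3DRAW"))
```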
--
This message was sent by Atlassian JIRA
(v6.1#6144)