[ https://issues.apache.org/jira/browse/OODT-657?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13804384#comment-13804384 ]

Chris A. Mattmann commented on OODT-657:
----------------------------------------

Great work Reesh!

> Security vulnerability in web-grid allows the listing and downloading of any 
> file on system
> -------------------------------------------------------------------------------------------
>
>                 Key: OODT-657
>                 URL: https://issues.apache.org/jira/browse/OODT-657
>             Project: OODT
>          Issue Type: Bug
>          Components: grid, product server
>    Affects Versions: 0.6
>            Reporter: Rishi Verma
>            Priority: Critical
>             Fix For: 0.7
>
>         Attachments: OODT-657.rverma.10-23-2013.patch.2.txt, 
> OODT-657.rverma.10-23-2013.patch.txt
>
>
> The web-grid framework currently has a security vulnerability that allows an 
> attacker to list and download any file on the system.
> As it turns out, the "OFSN" parameter within the URL requests passed to 
> registered product handlers is not validated (for accessing UNIX-style parent 
> directory codes) by either web-grid or the product handlers themselves. Thus, 
> arbitrary file paths (containing the UNIX-style parent directory codes) can 
> be sent in and, in effect, allow the downloading of any file on the system.
> e.g. 
> http://localhost:8080/web-grid-0.7-SNAPSHOT/prod?q=OFSN=/../../../../../etc/passwd+AND+RT%3DRAW
> I'm elevating this issue to critical level.



--
This message was sent by Atlassian JIRA
(v6.1#6144)
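
The missing OFSN validation described in the issue above, as an added Java example that is not part of the original message and is not the attached OODT patch. The class `OfsnPathCheck`, the method `resolveOfsn` and the temporary product root are hypothetical, and the example assumes an OFSN is meant to be interpreted relative to a configured product root directory.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Added illustration; class, method and root directory are hypothetical, not OODT code.
public class OfsnPathCheck {

    /** Resolve an OFSN value under productRoot, rejecting anything that escapes it. */
    static Path resolveOfsn(Path productRoot, String ofsn) throws IOException {
        if (ofsn == null || ofsn.indexOf('\0') >= 0) {
            throw new SecurityException("invalid OFSN");
        }
        // Assumption: an OFSN such as "/data/file1.raw" is relative to the
        // product root, so leading separators are stripped before resolving.
        String relative = ofsn.replaceFirst("^[/\\\\]+", "");
        Path root = productRoot.toRealPath();
        Path candidate = root.resolve(relative).normalize();
        // Lexical check: ".." segments must not climb above the root.
        if (!candidate.startsWith(root)) {
            throw new SecurityException("OFSN escapes product root: " + ofsn);
        }
        // Symlink check: an existing target's real path must also stay inside the root.
        if (Files.exists(candidate) && !candidate.toRealPath().startsWith(root)) {
            throw new SecurityException("OFSN resolves outside product root: " + ofsn);
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("products"); // constructed sample root
        Files.createDirectories(root.resolve("data"));
        Files.write(root.resolve("data/file1.raw"), new byte[] {1, 2, 3});

        String[] samples = {                    // constructed sample inputs
            "/data/file1.raw",
            "/../../../../../etc/passwd",       // the OFSN value quoted in the issue
            "/data/../../etc/passwd"
        };
        for (String ofsn : samples) {
            try {
                System.out.println("ALLOW " + ofsn + " -> " + resolveOfsn(root, ofsn));
            } catch (SecurityException e) {
                System.out.println("DENY  " + e.getMessage());
            }
        }
    }
}
```

`Path.startsWith` compares whole path elements, so a sibling directory whose name merely begins with the root's name does not pass the check.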
