Donald Kwakkel created AXIS2-5882:
-------------------------------------

             Summary: Path Manipulation in WSDL20ToAxisServiceBuilder and PreProcessorInputStream
                 Key: AXIS2-5882
                 URL: https://issues.apache.org/jira/browse/AXIS2-5882
             Project: Axis2
          Issue Type: Bug
          Components: jaxws
    Affects Versions: 1.7.6
            Reporter: Donald Kwakkel
            Priority: Critical



Attackers can control the filesystem path argument to File() at 
PreProcessorInputStream.java line 218, which allows them to access or modify 
otherwise protected files.


Explanation:

Path manipulation errors occur when the following two conditions are met:

1. An attacker can specify a path used in an operation on the filesystem.

2. By specifying the resource, the attacker gains a capability that would not 
otherwise be permitted.

For example, the program may give the attacker the ability to overwrite the 
specified file or run with a configuration controlled by the attacker.

In this case, the attacker can specify the value that enters the program at 
readLine() in PreProcessorInputStream.java at line 86, and this value is used 
to access a filesystem resource at File() in PreProcessorInputStream.java at 
lines 218, 230, 232, 250, 253 and 278.

Possible solution: Make sure the resolved absolute filename is validated against 
a known/configured valid base path.

Also: 


Attackers can control the filesystem path argument to File() at 
WSDL20ToAxisServiceBuilder.java line 153, which allows them to access or modify 
otherwise protected files. In this case, the attacker can specify the value 
that enters the program at getHeaderField() in CodeGenerationEngine.java at 
line 101, and this value is used to access a filesystem resource at File() in 
WSDL20ToAxisServiceBuilder.java at lines 153 and 1281.
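The base-path check suggested above, for both the PreProcessorInputStream and the WSDL20ToAxisServiceBuilder findings, as an added illustration (this is not Axis2 code): the unchecked form mirrors the reported pattern of passing an input-derived name straight to File(), and the checked form rejects anything that resolves outside a configured base directory. The base directory and sample names are hypothetical.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;

public class SafePathResolver {
    private final Path baseDir;

    public SafePathResolver(String baseDir) {
        // Canonicalise the base once so every later check compares against a fixed prefix.
        this.baseDir = Paths.get(baseDir).toAbsolutePath().normalize();
    }

    // Weak form: a value read from the input (an import/include name, a header field)
    // flows straight into File(). A name such as "../../etc/passwd" leaves baseDir.
    public File resolveUnchecked(String untrustedName) {
        return new File(baseDir.toFile(), untrustedName);
    }

    // Hardened form: resolve against the base, normalise away "." and "..",
    // then refuse anything whose normalised form is not inside baseDir.
    public File resolveChecked(String untrustedName) throws IOException {
        if (untrustedName == null || untrustedName.isEmpty()) {
            throw new IOException("empty path");
        }
        // resolve() discards baseDir if untrustedName is absolute, so "/etc/passwd"
        // also fails the prefix test below. normalize() is lexical only; if symlinks
        // under baseDir are a concern, compare toRealPath() results of existing files.
        Path candidate = baseDir.resolve(untrustedName).normalize();
        // Path.startsWith compares whole name components, so "/base/dir2" does not
        // pass for base "/base/dir" the way a String prefix check would.
        if (!candidate.startsWith(baseDir)) {
            throw new IOException("path escapes configured base: " + untrustedName);
        }
        return candidate.toFile();
    }

    public static void main(String[] args) {
        SafePathResolver r = new SafePathResolver("/opt/axis2/wsdl"); // hypothetical base
        String[] samples = { "schema.xsd", "sub/types.xsd", "../../etc/passwd", "/etc/passwd" };
        for (String s : samples) {
            System.out.println(s + " -> unchecked: " + r.resolveUnchecked(s).getPath());
            try {
                System.out.println(s + " -> checked:   " + r.resolveChecked(s).getPath());
            } catch (IOException e) {
                System.out.println(s + " -> checked:   rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

Running main shows the first two names accepted under /opt/axis2/wsdl and the last two rejected, while the unchecked form happily builds /opt/etc/passwd and /opt/axis2/wsdl/etc/passwd style paths from the same input.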





--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
