[ https://issues.apache.org/jira/browse/AXIS2-5882?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andreas Veithen resolved AXIS2-5882.
------------------------------------
Resolution: Invalid
> Path Manipulation in WSDL20ToAxisServiceBuilder and PreProcessorInputStream
> ---------------------------------------------------------------------------
>
> Key: AXIS2-5882
> URL: https://issues.apache.org/jira/browse/AXIS2-5882
> Project: Axis2
> Issue Type: Bug
> Components: jaxws
> Affects Versions: 1.7.6
> Reporter: Donald Kwakkel
> Priority: Critical
> Labels: security
>
> Attackers can control the filesystem path argument to File() at
> PreProcessorInputStream.java line 218, which allows them to access or modify
> otherwise protected files.
> Explanation:
> Path manipulation errors occur when the following two conditions are met:
> 1. An attacker can specify a path used in an operation on the filesystem.
> 2. By specifying the resource, the attacker gains a capability that would not
> otherwise be permitted.
> For example, the program may give the attacker the ability to overwrite the
> specified file or run with a configuration controlled by the attacker.
> In this case, the attacker can specify the value that enters the program at
> readLine() in PreProcessorInputStream.java at line 86, and this value is used
> to access a filesystem resource at File() in PreProcessorInputStream.java at
> lines 218, 230, 232, 250, 253, 278.
> Possible solution: Make sure the absolute filename is validated against
> known/configured valid base path.
> Also:
> Attackers can control the filesystem path argument to File() at
> WSDL20ToAxisServiceBuilder.java line 153, which allows them to access or
> modify otherwise protected files. In this case, the attacker can specify the
> value that enters the program at getHeaderField() in
> CodeGenerationEngine.java at line 101, and this value is used to access a
> filesystem resource at File() in WSDL20ToAxisServiceBuilder.java at lines 153
> and 1281.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
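The "possible solution" in the report above, validating a file name against a known base path before handing it to File(), is a general pattern worth seeing in code. The following Java class is an added example written for this page; it is not Axis2 code and does not reproduce the scanner's findings. The base directory, the sample file and the sample inputs are all constructed inside the example.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

/**
 * Added illustration (not Axis2 code): resolve an untrusted file name under a
 * configured base directory and reject any result that escapes it.
 */
public final class BasePathValidator {

    private final Path base;

    public BasePathValidator(Path baseDir) throws IOException {
        // Canonicalize the base once so symlinks or ".." segments in the
        // configured path cannot confuse the prefix check later on.
        this.base = baseDir.toRealPath();
    }

    /**
     * Returns the canonical path of {@code untrusted} resolved under the base
     * directory, or throws if the result would lie outside it.
     */
    public Path resolve(String untrusted) throws IOException {
        if (untrusted == null || untrusted.isEmpty()) {
            throw new IllegalArgumentException("empty file name");
        }
        // resolve() keeps an absolute argument as-is, so "/etc/passwd" is not
        // silently joined under base; normalize() folds "." and ".." lexically.
        Path candidate = base.resolve(untrusted).normalize();
        if (!candidate.startsWith(base)) {
            throw new SecurityException("path escapes base directory: " + untrusted);
        }
        // If the target exists, follow symlinks too: a link inside base that
        // points outside it must be rejected as well.
        if (Files.exists(candidate)) {
            Path real = candidate.toRealPath();
            if (!real.startsWith(base)) {
                throw new SecurityException("symlink escapes base directory: " + untrusted);
            }
            return real;
        }
        return candidate;
    }

    /** Demo with a constructed base directory and constructed inputs. */
    public static void main(String[] args) throws IOException {
        Path baseDir = Files.createTempDirectory("wsdl-base");
        Files.createDirectories(baseDir.resolve("wsdl"));
        Files.writeString(baseDir.resolve("wsdl/service.wsdl"), "<definitions/>");

        BasePathValidator v = new BasePathValidator(baseDir);

        // Constructed inputs: one legitimate, two that try to leave the base.
        String[] inputs = {
            "wsdl/service.wsdl",
            "wsdl/../../../etc/passwd",
            "/etc/passwd"
        };
        for (String in : inputs) {
            try {
                System.out.println("ACCEPT " + in + " -> " + v.resolve(in));
            } catch (SecurityException e) {
                System.out.println("REJECT " + in + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The check must be done on the normalized (and, where the file exists, real) path rather than on the raw string, since a string prefix test is defeated by "../" segments and by symlinks. Calling the validator before constructing any File or stream from the untrusted name is what closes the condition the report describes.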