[ https://issues.apache.org/jira/browse/AXIS2-5882?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andreas Veithen resolved AXIS2-5882.
------------------------------------
    Resolution: Invalid

> Path Manipulation in WSDL20ToAxisServiceBuilder and PreProcessorInputStream
> ---------------------------------------------------------------------------
>
>                 Key: AXIS2-5882
>                 URL: https://issues.apache.org/jira/browse/AXIS2-5882
>             Project: Axis2
>          Issue Type: Bug
>          Components: jaxws
>    Affects Versions: 1.7.6
>            Reporter: Donald Kwakkel
>            Priority: Critical
>              Labels: security
>
> Attackers can control the filesystem path argument to File() at
> PreProcessorInputStream.java line 218, which allows them to access or modify
> otherwise protected files.
>
> Explanation:
> Path manipulation errors occur when the following two conditions are met:
> 1. An attacker can specify a path used in an operation on the filesystem.
> 2. By specifying the resource, the attacker gains a capability that would not
> otherwise be permitted.
> For example, the program may give the attacker the ability to overwrite the
> specified file or run with a configuration controlled by the attacker.
>
> In this case, the attacker can specify the value that enters the program at
> readLine() in PreProcessorInputStream.java at line 86, and this value is used
> to access a filesystem resource at File() in PreProcessorInputStream.java at
> lines 218, 230, 232, 250, 253, 278.
>
> Possible solution: Make sure the absolute filename is validated against a
> known/configured valid base path.
>
> Also:
> Attackers can control the filesystem path argument to File() at
> WSDL20ToAxisServiceBuilder.java line 153, which allows them to access or
> modify otherwise protected files. In this case, the attacker can specify the
> value that enters the program at getHeaderField() in
> CodeGenerationEngine.java at line 101, and this value is used to access a
> filesystem resource at File() in WSDL20ToAxisServiceBuilder.java at lines 153
> and 1281.
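The "possible solution" proposed in the report, confining a file name taken from untrusted input to a configured base directory, as an added illustration that is not part of the issue or of the Axis2 code base. The class name, the `baseDir` parameter and the use of the JDK `java.nio.file` API are assumptions; the point is that the check must run on the canonical (symlink- and `..`-resolved) path and compare path components, not string prefixes.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;

/** Added example, not Axis2 code: confines untrusted file names to one base directory. */
public final class SafePathResolver {

    private final Path base;

    /** @param baseDir the configured directory that referenced files must live under (assumed). */
    public SafePathResolver(File baseDir) throws IOException {
        // toRealPath() follows symlinks and removes "..", so every later comparison
        // is made against a canonical form of the base directory.
        this.base = baseDir.toPath().toRealPath();
    }

    /**
     * Resolves an untrusted name (for example a path read from an include-style line)
     * against the base directory and rejects anything that escapes it.
     */
    public File resolve(String untrustedName) throws IOException {
        if (untrustedName == null || untrustedName.isEmpty()) {
            throw new IOException("empty file name");
        }
        Path candidate;
        try {
            // Path.resolve() returns an absolute argument unchanged, so "/etc/passwd"
            // does not get prefixed with the base and is caught by the check below.
            candidate = base.resolve(untrustedName).normalize();
        } catch (InvalidPathException e) {
            throw new IOException("malformed file name: " + untrustedName, e);
        }
        // Lexical check first: normalize() has already collapsed "a/../../x" style names.
        // Path.startsWith() compares whole components, so "/srv/base2" does not pass
        // for base "/srv/base" the way String.startsWith() would.
        if (!candidate.startsWith(base)) {
            throw new IOException("path escapes base directory: " + untrustedName);
        }
        // Second check on the real path: a symlink inside the base may still point outside it.
        Path real = candidate.toRealPath();
        if (!real.startsWith(base)) {
            throw new IOException("path escapes base directory via symlink: " + untrustedName);
        }
        return real.toFile();
    }
}
```

Callers replace `new File(name)` with `resolver.resolve(name)` and treat the `IOException` as a rejected reference, never as a fallback to the raw name.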
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org