[COCOON-848] Security : Directory traversal in "view-source" - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 2.1.2
Fix Version/s: None
Component/s: - Components: Avalon
Labels:
None
Environment:
Operating System: All
Platform: All

Bugzilla Id:
23949

Description

http://a_Host.com:8888/samples/view-source?filename=../../../boot.ini allows
to download the "boot.ini" file (located in the root of C drive under Window
NT/2000/XP).

I know this is only a sample script but unfortunately a lot of people do
install their production machines with samples installed...

A check on the filename should be done.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Thierry De Leeuw

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 21/Oct/03 00:45

Updated:: 16/Feb/11 14:08

Resolved:: 24/Oct/05 18:05