Uploaded image for project: 'OODT'
  1. OODT
  2. OODT-657

Security vulnerability in web-grid allows the listing and downloading of any file on system

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 0.6
    • Fix Version/s: 0.7
    • Component/s: grid, product server
    • Labels:
      None
    • Skill Level:
      Don't Know (Unsure) - The default level

      Description

      The web-grid framework currently has a security vulnerability that allows an attacker to list and download any file on the system.

      As it turns out, the "OFSN" parameter within the URL requests passed to registered product handlers is not validated (for accessing UNIX-style parent directory codes) by either web-grid or the product handlers themselves. Thus, arbitrary file paths (containing the UNIX-style parent directory codes) can be sent in and, in effect, allow the downloading of any file on the system.

      e.g. http://localhost:8080/web-grid-0.7-SNAPSHOT/prod?q=OFSN=/../../../../../etc/passwd+AND+RT%3DRAW

      I'm elevating this issue to critical level.

        Attachments

        1. OODT-657.rverma.10-23-2013.patch.2.txt
          10 kB
          Rishi Verma
        2. OODT-657.rverma.10-23-2013.patch.txt
          12 kB
          Rishi Verma

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              riverma Rishi Verma
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: