Uploaded image for project: 'OODT (Retired)'
  1. OODT (Retired)
  2. OODT-657

Security vulnerability in web-grid allows the listing and downloading of any file on system

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Critical
    • Resolution: Fixed
    • 0.6
    • 0.7
    • grid, product server
    • None
    • Don't Know (Unsure) - The default level

    Description

      The web-grid framework currently has a security vulnerability that allows an attacker to list and download any file on the system.

      As it turns out, the "OFSN" parameter within the URL requests passed to registered product handlers is not validated (for accessing UNIX-style parent directory codes) by either web-grid or the product handlers themselves. Thus, arbitrary file paths (containing the UNIX-style parent directory codes) can be sent in and, in effect, allow the downloading of any file on the system.

      e.g. http://localhost:8080/web-grid-0.7-SNAPSHOT/prod?q=OFSN=/../../../../../etc/passwd+AND+RT%3DRAW

      I'm elevating this issue to critical level.

      Attachments

        1. OODT-657.rverma.10-23-2013.patch.2.txt
          10 kB
          Rishi Verma
        2. OODT-657.rverma.10-23-2013.patch.txt
          12 kB
          Rishi Verma

        Activity

          People

            Unassigned Unassigned
            riverma Rishi Verma
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: