Details
- Bug
- Status: Open
- Trivial
- Resolution: Unresolved
- 5.1.2
- None
- None
- None
- chrome
Description
Hello,
Our Nessus scan picked up a 'Web Application Information Disclosure' issue with Apache Roller version 5.1.2.
You can add information into a request and the result is not an error. Specifically, you can add on GET request params to the HTTP request and the requested page will display with no error message (see examples below). The issue appears to be minor and doesn't seem to affect the outcome of the page results (just shows the page as normal). However, it hints that something isn't being checked on the backend and perhaps could be exploited in some way. Also, your users who run a Nessus scanner will have this flagged as a medium-level issue and that may cause some discomfort to sys admins and security admins.
To reproduce (using your own blog):
http://rollerweblogger.org/project/entry/apache-roller-5-1-2?page=convert(varchar,0x7b5d)
http://rollerweblogger.org/project/entry/apache-roller-5-1-2?page=apache-roller-5-1-2.html
http://rollerweblogger.org/project/entry/apachAWIPS%2bIIe-roller-5-1-2?page=1'%20AND%20SLEEP(3)='
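
An added example, not part of the original report and not Apache Roller's code: it contrasts a lenient `page` parameter parser that silently falls back to page 0 (one way the "page displays as normal" behaviour can arise) with a strict allow-list parser that lets the caller answer 400 instead. The class and method names, the meaning of `page` as a numeric pager index, and the 1 to 4 digit limit are assumptions made for illustration.

```java
import java.util.List;
import java.util.OptionalInt;
import java.util.regex.Pattern;

public class PageParamCheck {
    // Assumption: "page" is a numeric pager index; the 1-4 digit limit is constructed.
    private static final Pattern PAGE = Pattern.compile("[0-9]{1,4}");

    // Lenient handling (assumed): unparseable input silently becomes page 0,
    // so a scanner sees HTTP 200 and the normal page for any value it sends.
    static int parseLenient(String raw) {
        try {
            return Integer.parseInt(raw);
        } catch (NumberFormatException e) {
            return 0;
        }
    }

    // Strict handling: an absent parameter means page 0; anything that is not a
    // short run of ASCII digits yields empty, which the caller maps to HTTP 400.
    static OptionalInt parseStrict(String raw) {
        if (raw == null) {
            return OptionalInt.of(0);
        }
        if (!PAGE.matcher(raw).matches()) {
            return OptionalInt.empty();
        }
        return OptionalInt.of(Integer.parseInt(raw));
    }

    public static void main(String[] args) {
        // URL-decoded "page" values from the three URLs in the report, plus one valid value.
        List<String> samples = List.of(
            "convert(varchar,0x7b5d)",
            "apache-roller-5-1-2.html",
            "1' AND SLEEP(3)='",
            "2");
        for (String s : samples) {
            OptionalInt strict = parseStrict(s);
            System.out.printf("%-28s lenient=page %d  strict=%s%n", s, parseLenient(s),
                strict.isPresent() ? "page " + strict.getAsInt() : "400 Bad Request");
        }
    }
}
```

With the strict parser, the three reported values are rejected before they reach any rendering or query code, which is also what stops a scanner from reading an unchanged 200 response as accepted input.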