Uploaded image for project: 'Struts 2'
  1. Struts 2
  2. WW-2779

Directory traversal vulnerability while serving static content

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Blocker
    • Resolution: Fixed
    • 2.0.0
    • 2.0.12, 2.1.3
    • Dispatch Filter
    • None

    Description

      FilterDispatcher (in 2.0) and DefaultStaticContentLoader (in 2.1) have a security vulnerability that allows an attacker to traverse the directory structure and download files outside the "static" content folder, using double-encoded urls and relative paths, like:

      http://localhost:8080/struts2-blank-2.0.11.1/struts..

      http://localhost:8080/struts2-blank-2.0.11.1/struts/..%252f

      http://exampletomcat.com:8080/struts2-blank-2.0.11.1/struts/..%252f..%252f..%252fWEB-INF/classess/example/Login.class/

      Not all container are vulnerable to this, but Struts code needs to be fixed to avoid serving static content outside the static folders.

      Attachments

        Activity

          People

            musachy Musachy Barroso
            musachy Musachy Barroso
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: