[ https://issues.apache.org/jira/browse/JSPWIKI-1095?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Juan Pablo Santos Rodríguez closed JSPWIKI-1095.
------------------------------------------------
> Local File Inclusion (limited ROOT folder) leads to user information
> disclosure
> -------------------------------------------------------------------------------
>
> Key: JSPWIKI-1095
> URL: https://issues.apache.org/jira/browse/JSPWIKI-1095
> Project: JSPWiki
> Issue Type: Task
> Affects Versions: 2.9, 2.9.1, 2.10, 2.10.1, 2.10.2, 2.10.3, 2.10.4,
> 2.10.5, 2.11.0-M1, 2.11.0-M2
> Reporter: Juan Pablo Santos Rodríguez
> Assignee: Juan Pablo Santos Rodríguez
> Priority: Blocker
> Fix For: 2.11.0-M3
>
>
> {{DefaultURLConstructor#getForwardPage(req)}} allows a specially crafted URL
> to access files under the ROOT directory of the application, including, but
> not limited to, {{userdatabase.xml}}.
> Reported by Muthukumar Marikani.