-
Sub-task
-
Resolution: Done
-
Medium
-
Beijing Release
-
None
Explanation
The Oracle GlassFish Server Open Source Edition is vulnerable to Directory Traversal. The set() function in the CharChunk class uses UTF8Decoder class to convert from UTF8 bytes to chars, which allows URL encoded characters such as “%C0%2F” without properly escaping them. An attacker can exploit this vulnerability on the admin console by crafting a GET request containing encoded sequences such as “..%C0%2F”, and potentially gain access to arbitrary files beyond the allowed root directory.
Detection
The application is vulnerable by using this component.
Recommendation
We recommend upgrading to a version of this component that is not vulnerable to this specific issue.
This issue depends on cdp-pal.
[INFO] +- com.att.cdp:cdp-pal-openstack:jar:1.1.25.6-oss:compile
[INFO] | +- org.yaml:snakeyaml:jar:1.15:compile
[INFO] | +- com.att.woorea:keystone-client:jar:3.3.28-oss:compile
[INFO] | | +- com.att.woorea:openstack-client:jar:3.3.28-oss:compile
[INFO] | | - com.att.woorea:keystone-model:jar:3.3.28-oss:compile
[INFO] | +- com.att.woorea:nova-client:jar:3.3.28-oss:compile
[INFO] | | - com.att.woorea:nova-model:jar:3.3.28-oss:compile
[INFO] | +- com.att.woorea:cinder-client:jar:3.3.28-oss:compile
[INFO] | | - com.att.woorea:cinder-model:jar:3.3.28-oss:compile
[INFO] | +- com.att.woorea:glance-client:jar:3.3.28-oss:compile
[INFO] | | - com.att.woorea:glance-model:jar:3.3.28-oss:compile
[INFO] | +- com.att.woorea:heat-client:jar:3.3.28-oss:compile
[INFO] | | - com.att.woorea:heat-model:jar:3.3.28-oss:compile
[INFO] | +- com.att.woorea:quantum-client:jar:3.3.28-oss:compile
[INFO] | | - com.att.woorea:quantum-model:jar:3.3.28-oss:compile
[INFO] | +- com.att.woorea:jersey2-connector:jar:3.3.28-oss:compile
[INFO] | | - org.glassfish.jersey.core:jersey-client:jar:2.25.1:compile
[INFO] | +- org.glassfish.jersey.media:jersey-media-json-jackson:jar:2.25.1:compile
[INFO] | | - org.glassfish.jersey.ext:jersey-entity-filtering:jar:2.25.1:compile
[INFO] | - org.glassfish.jersey.connectors:jersey-grizzly-connector:jar:2.25.1:compile
[INFO] | +- org.glassfish.grizzly:grizzly-http-client:jar:1.11:compile
[INFO] | +- org.glassfish.grizzly:grizzly-websockets:jar:2.3.28:compile
[INFO] | | +- org.glassfish.grizzly:grizzly-framework:jar:2.3.28:compile
[INFO] | | - org.glassfish.grizzly:grizzly-http:jar:2.3.28:compile
[INFO] | - org.glassfish.grizzly:connection-pool:jar:2.3.28:compile