  1. Service Design and Creation
  2. SDC-4169

application exposed to path traversal attack


    • Bug
    • Resolution: Done
    • Medium
    • Kohn Release
    • SDC
    • None

      High severity issue was reported:

      H4 - SDC application exposed to path traversal attack

      Severity: High
      Impact/Threat: SDC resources can be accessed directly by URL, exposing the system to a potential directory traversal vulnerability.
      Description: SDC application resources under /sdc1/scripts can be directly accessed via URL, allowing users to browse through files and get system info, e.g. the JVM property configuration file or the bash executable. This may lead to unwanted system information leakage.
      Solution/Mitigation: Disable directory listing

      The high severity of this issue is due to the type of files it exposes (scripts, code, etc.).
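
A regression check for the mitigation above, as an added example that is not code from the SDC project: it classifies recorded HTTP responses as auto-generated directory indexes so that a re-enabled listing is caught. Only /sdc1/scripts comes from the issue; the other paths, the response bodies and the function names are constructed for illustration, and several server families are covered because the issue does not name the server.

```python
import re

# Title strings that common servers put on auto-generated index pages.
INDEX_MARKERS = [
    re.compile(r"<title>\s*Index of /", re.I),             # Apache httpd, nginx
    re.compile(r"<title>\s*Directory: /", re.I),           # Jetty
    re.compile(r"<title>\s*Directory Listing For", re.I),  # Tomcat
]
HREF = re.compile(r'<a\s+[^>]*href="([^"?#]+)"', re.I)


def is_directory_listing(status, content_type, body):
    """True if a response looks like an auto-generated directory index."""
    if status != 200 or "html" not in content_type.lower():
        return False
    if any(m.search(body) for m in INDEX_MARKERS):
        return True
    # Fallback for unbranded listings: a parent link plus bare relative links.
    links = HREF.findall(body)
    relative = [l for l in links if not l.startswith(("http:", "https:", "/"))]
    return "../" in links and len(relative) >= 3


def exposed_listings(responses):
    """Return the request paths whose recorded response is a directory index."""
    return sorted(path for path, (status, ctype, body) in responses.items()
                  if is_directory_listing(status, ctype, body))


# Constructed sample responses (not captured from a real SDC instance).
SAMPLE = {
    "/sdc1/scripts/": (200, "text/html;charset=utf-8",
        "<html><head><title>Directory: /sdc1/scripts/</title></head><body>"
        '<a href="../">Parent</a> <a href="a.js">a.js</a> <a href="b.js">b.js</a>'
        "</body></html>"),
    "/sdc1/scripts/sub/": (403, "text/html", "<h1>403 Forbidden</h1>"),
    "/sdc1/": (200, "text/html",
        '<html><title>SDC</title><a href="/sdc1/login">Login</a></html>'),
    "/sdc1/files/": (200, "text/html",
        '<pre><a href="../">../</a>\n<a href="x.sh">x.sh</a>\n'
        '<a href="y.cfg">y.cfg</a></pre>'),
}

if __name__ == "__main__":
    for path in exposed_listings(SAMPLE):
        print("directory listing still enabled:", path)
```

In a deployment check, the `SAMPLE` dictionary would be replaced by responses fetched from the instance under test after the fix is applied.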

            vasraz vasraz
            vasraz vasraz