http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23949

Security : Directory traversal in "view-source"

------- Additional Comments From [EMAIL PROTECTED]  2003-10-23 14:32 -------

Just to summarize to get a nice endcap to all this - the vulnerability report is at:

http://www.securiteam.com/securitynews/6W00L0U8KC.html

The vulnerability can be summed up as follows:

If...
...you run any of the affected versions, and...
...you have the Cocoon samples installed, then...
...you are vulnerable.

So if you either run a non-vulnerable version, or do not have samples installed, you're fine.

For reference, the offensive part is here:

    <!-- ========================= Utilities ================================ -->
    <map:match pattern="view-source">
      <!-- colourize files that are known to be XML -->
      <map:match type="filename" pattern="((xml)|(xsp)|(xmap)|(xconf))$">
        <map:generate src="common/view-source.xsp" type="serverpages"/>
        <map:serialize/>
      </map:match>
      <!-- all other files are just send as text -->
      <map:read mime-type="text/plain" src="../{request-param:filename}"/>
    </map:match>

I.e. if you accept a request parameter and send back whatever file that parameter points to, then you have a problem.
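
The closing point of the comment above, a request parameter used directly as a file path, illustrated with a containment check. This is an added example, not part of the original comment and not Cocoon code; the class `ViewSourceGuard`, the method `resolveInside` and the temporary directory layout are hypothetical and constructed for the demonstration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class ViewSourceGuard {

    /** Resolves a request-supplied name under baseDir; throws if it would leave baseDir. */
    static Path resolveInside(Path baseDir, String requested) throws IOException {
        if (requested == null || requested.isEmpty() || requested.indexOf('\0') >= 0) {
            throw new SecurityException("invalid file name");
        }
        Path base = baseDir.toRealPath();                      // canonical base, symlinks resolved
        Path candidate = base.resolve(requested).normalize();  // collapses "." and ".." segments
        if (!candidate.startsWith(base)) {                     // element-wise check, not a string prefix
            throw new SecurityException("path leaves the base directory");
        }
        Path real = candidate.toRealPath();                    // NoSuchFileException if it does not exist
        if (!real.startsWith(base) || !Files.isRegularFile(real)) {
            throw new SecurityException("symlink escape or not a regular file");
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: <tmp>/samples/hello.xml is viewable, <tmp>/secret.conf is not.
        Path root = Files.createTempDirectory("viewsrc");
        Path samples = Files.createDirectory(root.resolve("samples"));
        Files.write(samples.resolve("hello.xml"), "<page/>".getBytes());
        Files.write(root.resolve("secret.conf"), "constructed".getBytes());

        String[] requests = {
            "hello.xml",                              // inside the base: allowed
            "../secret.conf",                         // parent reference: denied
            "sub/../../secret.conf",                  // parent reference hidden behind a segment: denied
            root.resolve("secret.conf").toString(),   // absolute path: denied
            "missing.xml"                             // inside the base but absent: denied
        };
        for (String r : requests) {
            try {
                System.out.println("ALLOW " + r + " -> " + resolveInside(samples, r));
            } catch (SecurityException | IOException e) {
                System.out.println("DENY  " + r + " (" + e + ")");
            }
        }
    }
}
```

Only the first request is allowed; the check is made on the resolved path rather than by filtering `..` out of the parameter string.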