[ https://issues.apache.org/jira/browse/JSPWIKI-845?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Harry Metske updated JSPWIKI-845:
---------------------------------
Security: (was: Security Vulnerability Disclosure)

> Potential path traversal issue with Search.jsp
> ----------------------------------------------
>
> Key: JSPWIKI-845
> URL: https://issues.apache.org/jira/browse/JSPWIKI-845
> Project: JSPWiki
> Issue Type: Bug
> Affects Versions: 2.10.1
> Reporter: Jeff LoBello
>
> Nessus is reporting a security vulnerability in Search.jsp. Here is the report detail...
> Date: Fri 13 Jun 2014 15:29:51 MET
> Vuln#: 2CN46194 (counted)
> Vulnerability: CGI Generic Path Traversal (write test)
> ToDo: Restrict access to the vulnerable application. Contact the vendor for a patch or upgrade.
> CertRef:
> Tool Reference: http://www.nessus.org/plugins/index.php?view=single&id=46194
> Comment:
> NessusOutput:
> Port: 80/tcp
> Using the GET HTTP method, Nessus found that :
> + The following resources may be vulnerable to directory traversal (write access) :
> + The 'query' parameter of the /wiki/Search.jsp CGI :
> /wiki/Search.jsp?details=&start=0&scope=&ok=Find!&maxitems=20&go=Go!&query=Quick%20Navigation../../../../../../../../../../windows/system32/config/sam
> -------- output --------
> HTTP/1.1 302 Found
> -------- vs --------
> HTTP/1.1 200 OK
> ------------------------
> ----------------------------------------
> In my analysis, I do believe this is a real issue. Normally, the above URL for other searches returns a HTTP 302 response & redirect, but in the above instance it returns a HTTP 200 response, so it does appear suspicious.

--
This message was sent by Atlassian JIRA
(v6.2#6252)