[jira] [Resolved] (QPID-8600) [Broker-J] File path validation in management-http plugin

Tomas Vavricka (Jira) Thu, 27 Oct 2022 06:32:05 -0700


     [ 
https://issues.apache.org/jira/browse/QPID-8600?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Tomas Vavricka resolved QPID-8600.
----------------------------------
    Fix Version/s: qpid-java-broker-9.0.0
       Resolution: Fixed

> [Broker-J] File path validation in management-http plugin
> ---------------------------------------------------------
>
>                 Key: QPID-8600
>                 URL: https://issues.apache.org/jira/browse/QPID-8600
>             Project: Qpid
>          Issue Type: Improvement
>          Components: Broker-J
>    Affects Versions: qpid-java-broker-8.0.6
>            Reporter: Daniil Kirilyuk
>            Priority: Minor
>             Fix For: qpid-java-broker-9.0.0
>
>
> HTTP management plugin initiates a network connection in classes FileServlet 
> to a third-party system using user-controlled data for resource URI. This 
> vulnerability may be leveraged to send a request on behalf of the web server 
> since the request will originate from the web server's internal IP address.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org

[jira] [Resolved] (QPID-8600) [Broker-J] File path validation in management-http plugin

Reply via email to