[esb-issues] [JBoss JIRA] Updated: (JBESB-1561) Groovy security compromised
[ http://jira.jboss.com/jira/browse/JBESB-1561?page=all ]
Jiri Pechanec updated JBESB-1561:
---------------------------------
Attachment: malgroovy.tgz
Attached is modified scripting groovy quickstart. Only modified files were buidl.xml and
jboss-esb.xml. The outcome of runtest target is immediate server down.
Groovy security compromised
---------------------------
Key: JBESB-1561
URL: http://jira.jboss.com/jira/browse/JBESB-1561
Project: JBoss ESB
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Rosetta, Adapters
Affects Versions: 4.2.1 CP1
Reporter: Martin Vecera
Attachments: malgroovy.tgz
GroovyActionProcess allows execution of malicious code. This code can be sent via esb
message. See attached example (modified QS).
Credit goes to Jirka Pechanec for this great idea!
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira