[jboss-jira] [JBoss JIRA] Updated: (JBCOMMON-108) CVE-2009-2693
Dimitris Andreadis (JIRA)
jira-events at lists.jboss.org
Wed Oct 13 03:22:39 EDT 2010
[ https://jira.jboss.org/browse/JBCOMMON-108?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dimitris Andreadis updated JBCOMMON-108:
----------------------------------------
Assignee: Dimitris Andreadis
Fix Version/s: 1.2.2.GA
> CVE-2009-2693
> -------------
>
> Key: JBCOMMON-108
> URL: https://jira.jboss.org/browse/JBCOMMON-108
> Project: JBoss Common
> Issue Type: Bug
> Security Level: Public (Everyone can see)
> Components: common-old (1.x)
> Affects Versions: 1.0.0.GA, 1.2.1.GA
> Reporter: Mike Millson
> Assignee: Dimitris Andreadis
> Fix For: 1.2.2.GA
>
> Attachments: patch.JBossCommon_1_2_1_GA_CP.txt
>
>
> CVE-2009-2693: When deploying WAR files, the WAR files were not checked for directory traversal attempts. This allows an attacker to create arbitrary content outside of the web root by including entries such as ../../bin/catalina.sh in the WAR.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira