[jbossws-issues] [JBoss JIRA] Created: (JBWS-2622) Directory traversal on WSDL-related requests (included XSDs)

failer failer (JIRA) jira-events at lists.jboss.org
Sat Apr 18 09:34:23 EDT 2009


Directory traversal on WSDL-related requests (included XSDs)
------------------------------------------------------------

                 Key: JBWS-2622
                 URL: https://jira.jboss.org/jira/browse/JBWS-2622
             Project: JBoss Web Services
          Issue Type: Bug
      Security Level: Public (Everyone can see)
         Environment: Jboss 5.0.1GA on Win2k
            Reporter: failer failer


Deployed simple webservice "hello" (from tutorial) with modified WSDL. (Added xs:include with schemaLocation pointing to XSD in the same dir as WSDL.)

Tried http://127.0.0.1:8080/echo/Echo?wsdl  - It's OK. xs:include schemaLocation is rewritten as http://127.0.0.1:8080/echo/Echo?wsdl&resource=my.xsd

Tried URL http://127.0.0.1:8080/echo/Echo?wsdl&resource=../../../conf/login-config.xml - and received content of login-config.xml with security related information in it.
I didn't try to request some other files, but I think it is possible to get ANY XML document from the server.

I suppose this is a security hole.

PS. Sorry for my bad English.
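As an added illustration of the fix a defender would want here (example code, not JBossWS's own): a check that maps the `resource` query parameter to a file inside the deployment's WSDL directory and refuses anything that escapes it, including the `../../../conf/login-config.xml` request above and its Windows-separator variant. The deployment directory path is constructed for the example, and the parameter is assumed to be already URL-decoded.

```python
import posixpath
from pathlib import Path

# Constructed deployment directory for this example; not a real JBoss path.
WSDL_DIR = "/srv/jboss/server/default/deploy/echo.war/WEB-INF/wsdl"
ALLOWED_SUFFIXES = {".xsd", ".wsdl"}


class ResourceRejected(ValueError):
    """The `resource` value must not be served."""


def resolve_wsdl_resource(wsdl_dir: str, resource: str) -> Path:
    """Map an already URL-decoded `resource` value to a file under wsdl_dir.

    Returns the canonical path only if it names a schema document that
    stays inside wsdl_dir; every other input raises ResourceRejected.
    """
    if not resource or "\x00" in resource:
        raise ResourceRejected("empty or NUL-containing name")
    # The report came from Windows, where '\' is also a separator, so
    # normalise it before any other check.
    name = resource.replace("\\", "/")
    if posixpath.isabs(name):
        raise ResourceRejected("absolute path")
    # Only plain relative segments: no '', '.' or '..' anywhere in the path.
    if any(seg in ("", ".", "..") for seg in name.split("/")):
        raise ResourceRejected("empty or dot segment")
    base = Path(wsdl_dir).resolve()
    candidate = (base / name).resolve()
    # Belt and braces: the canonical path must still sit under the base
    # (this also catches drive letters and symlinks pointing outside).
    if base not in candidate.parents:
        raise ResourceRejected("resolves outside the WSDL directory")
    if candidate.suffix.lower() not in ALLOWED_SUFFIXES:
        raise ResourceRejected("not a schema document")
    return candidate


def is_safe_resource(wsdl_dir: str, resource: str) -> bool:
    """Boolean convenience wrapper around resolve_wsdl_resource."""
    try:
        resolve_wsdl_resource(wsdl_dir, resource)
        return True
    except ResourceRejected:
        return False


if __name__ == "__main__":
    for r in ("my.xsd", "../../../conf/login-config.xml"):
        print(r, "->", "served" if is_safe_resource(WSDL_DIR, r) else "rejected")
```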
