oss-sec mailing list archives
Re: CVE:Request - Path Traversal Barebone.jsp - Liferay 5.1.0
From: cve-assign () mitre org
Date: Mon, 1 Aug 2016 20:07:20 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
I discovered a directory traversal issue on minifierBundleDir barebone.jsp variable on a website with Liferay 5.1.0. However, i report the following vulnerable URL of example: /html/js/barebone.jsp?minifierBundleDir=/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E%2Fetc%2Fhosts%00.html It's important to note that the url requested is built in the following manner: - only .. "encoded characters" are permitted when you insert the traversal request - At the end of the file is necessary insert %00 and .html otherwise the request is not accepted
Use CVE-2016-6517. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJXn95qAAoJEHb/MwWLVhi2EagP+wbDTXE/Nu6kzML6gHfT1YL/ ASt1JVhMFSk/1HLg3/ZLC1+lj7UVjj8Dhe/6xR+VZjbhT+lfZT0mkMJMlXjkpW56 Xr4QbP1rsgoZD3gIn3vZt714Kg2Slk+FgtYxnxXr14IkfjndbLRGteCTMp1oof2u ZLwyHQkX8aa+QWF/NmfGaGqVmXmpD3tEkhwPujqNPfvdeY+qnsTflJnckHFPrNrm XLwGnPE5oCYaTWR4Mik7fElYtm+KitiwLN1SNi8mtjhvftlpojNtpeTUyq0oZrkh pmMIWLJW6sEhniWJ1AEnKngbZjDYA6JmP5sLkhP/vvGKTAUqb+5/XMDW1BgDr9Z5 +bmfGN1y+6hzbN/O1Eau6Xt0eFLyVTokc3bAszxB6+Oq3Mu3EXyRgF1wwwo2cT5i XJ6Ait8TD6alYs4Apz6SVk81FkmmF42/sMdXMqpkrAekaLwX2iCtDimaCthZLJGJ 2rwT3ajPb+YMoeTXAGwipYxcHXh08A5YRZEgW1xzevJDng8qTNycPqb9QF2QmSHo 5LGU29Ct1om7rMzSeYoF/ZqYVlq8yOTK0NdkdNsxr52yKS4KNY1ebM7X9IrYfdcT 7ZRJGcIc0xS1ZfrW8WcfUWYnS6ke31nmXFLb6e73EmgM4+SX4lO1mIeBqGjekZYv P1MEHsLUulw40je0Ag1O =jL50 -----END PGP SIGNATURE-----
Current thread:
- CVE:Request - Path Traversal Barebone.jsp - Liferay 5.1.0 petrella.pietro (Aug 01)
- Re: CVE:Request - Path Traversal Barebone.jsp - Liferay 5.1.0 cve-assign (Aug 01)