oss-sec mailing list archives

Re: CVE Request for incomplete fix to CVE-2015-3297 in Etherpad Minify

From: cve-assign () mitre org
Date: Thu, 16 Apr 2015 02:55:30 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

An anonymous reporter pointed out an incomplete fix to CVE-2015-3297
in the minify feature of current Etherpad releases. There is an
additional location in the script where backslashes are replaced
with slashes in the path parameter of HTTP API calls after path
normalization is applied, allowing an attacker supplying a slightly
different specially-crafted request to remotely read arbitrary files

https://github.com/ether/etherpad-lite/commit/0fa7650df8f940ed6b577d79836a78eb09726c4b


Use CVE-2015-3309.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVL1xzAAoJEKllVAevmvmsqWEH/2N77rp93iqfKbhqgMi2Ew+U
QP3tcg0pJoDbU3nJYLLhmcYtYyVa/2epCub3NXy+VuG6cRxORQiVVtlNPHOChf7Z
chb5DP7CRYIAD99mCQ+QZwWCaSfqf3ZqaL9t8ZVw+YvYwPnOUKpAQsOo6MqG1SNR
WOp9n3iE2kD8E7VbvKeFx8TlOEcsU1lEGxX+vHEVepJxnk3++sa6n0JFzv2vHKiU
KWLPLybUETGB7mPNfKXKImvU+RfXeQ+1yl6KevtPlYMElq5Rxt+FJCBqQNDSW7VU
ZWEBGB43J8T6QCNVTNFOkP6LJoXXjcOySHAk4wfWrJRm9EEVrUGk1M60PKJ4PdA=
=zRWw
-----END PGP SIGNATURE-----

Current thread:

CVE Request for incomplete fix to CVE-2015-3297 in Etherpad Minify Jeremy Stanley (Apr 12)
- Re: CVE Request for incomplete fix to CVE-2015-3297 in Etherpad Minify cve-assign (Apr 15)