activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dejan Bosanac (JIRA)" <j...@apache.org>
Subject [jira] Created: (AMQ-2788) Directory Traversal Vulnerability
Date Tue, 22 Jun 2010 07:32:53 GMT
Directory Traversal Vulnerability
---------------------------------

                 Key: AMQ-2788
                 URL: https://issues.apache.org/activemq/browse/AMQ-2788
             Project: ActiveMQ
          Issue Type: Bug
    Affects Versions: 5.3.2, 5.3.1
         Environment: Windows
            Reporter: Dejan Bosanac
            Assignee: Dejan Bosanac
             Fix For: 5.4.0


Due to vulnerability in Jetty's ResourceHandler (http://jira.codehaus.org/browse/JETTY-1004),
ActiveMQ installations on Windows are prone to this vulnerability.

This is solved by moving to 7.x Jetty version on trunk and upcoming 5.4.0 release.

People affected with this issue should either upgrade manually to Jetty 6.1.17 or remove resource
handler declaration by commenting out or deleting the following snippet from jetty.xml:

                   <bean class="org.mortbay.jetty.handler.ContextHandler">
                       <property name="contextPath" value="/"/>
                       <property name="handler">
                           <bean class="org.mortbay.jetty.handler.ResourceHandler">
                               <property name="welcomeFiles">
                                   <list>
                                       <value>index.html</value>
                                   </list>
                               </property>
                               <property name="resourceBase" value="${activemq.base}/webapps/static/"/>
                           </bean> 
                       </property>
                   </bean>

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message