activemq-dev mailing list archives

From "Dejan Bosanac (JIRA)" <j...@apache.org>
Subject [jira] Resolved: (AMQ-2788) Directory Traversal Vulnerability
Date Tue, 22 Jun 2010 07:32:55 GMT

     [ https://issues.apache.org/activemq/browse/AMQ-2788?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dejan Bosanac resolved AMQ-2788.
--------------------------------

    Resolution: Fixed

> Directory Traversal Vulnerability
> ---------------------------------
>
>                 Key: AMQ-2788
>                 URL: https://issues.apache.org/activemq/browse/AMQ-2788
>             Project: ActiveMQ
>          Issue Type: Bug
>    Affects Versions: 5.3.1, 5.3.2
>         Environment: Windows
>            Reporter: Dejan Bosanac
>            Assignee: Dejan Bosanac
>             Fix For: 5.4.0
>
>
> Due to a vulnerability in Jetty's ResourceHandler (http://jira.codehaus.org/browse/JETTY-1004), ActiveMQ installations on Windows are prone to this vulnerability.
> This is solved by moving to the 7.x Jetty version on trunk and in the upcoming 5.4.0 release.
> People affected by this issue should either upgrade manually to Jetty 6.1.17 or remove the resource handler declaration by commenting out or deleting the following snippet from jetty.xml:
>                    <bean class="org.mortbay.jetty.handler.ContextHandler">
>                        <property name="contextPath" value="/"/>
>                        <property name="handler">
>                            <bean class="org.mortbay.jetty.handler.ResourceHandler">
>                                <property name="welcomeFiles">
>                                    <list>
>                                        <value>index.html</value>
>                                    </list>
>                                </property>
>                                <property name="resourceBase" value="${activemq.base}/webapps/static/"/>
>                            </bean> 
>                        </property>
>                    </bean>

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
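
An added example, not part of the original message or the ActiveMQ project: a Python check that reports whether a jetty.xml still declares an active ResourceHandler bean, which shows whether the workaround quoted above has been applied. The helper names and the sample `<beans>` wrapper are assumptions; the class and property names are those in the quoted snippet.

```python
import xml.etree.ElementTree as ET

RESOURCE_HANDLER = "org.mortbay.jetty.handler.ResourceHandler"

def local(tag):
    """Strip an XML namespace so Spring's beans namespace does not matter."""
    return tag.rsplit("}", 1)[-1]

def prop(bean, name):
    """Return the value attribute of a direct <property name=...> child, or None."""
    for child in bean:
        if local(child.tag) == "property" and child.get("name") == name:
            return child.get("value")
    return None

def find_resource_handlers(xml_text):
    """List active ResourceHandler beans as (contextPath, resourceBase) tuples.

    ElementTree discards XML comments, so a declaration that has been
    commented out (the workaround from the issue) is not reported.
    """
    root = ET.fromstring(xml_text)
    findings = []

    def walk(elem, context_path):
        if local(elem.tag) == "bean":
            # Remember the nearest enclosing contextPath, if this bean sets one.
            context_path = prop(elem, "contextPath") or context_path
            if elem.get("class") == RESOURCE_HANDLER:
                findings.append((context_path, prop(elem, "resourceBase")))
        for child in elem:
            walk(child, context_path)

    walk(root, None)
    return findings

# Constructed sample: the snippet from the issue wrapped in a Spring <beans> root.
SNIPPET = """<bean class="org.mortbay.jetty.handler.ContextHandler">
  <property name="contextPath" value="/"/>
  <property name="handler">
    <bean class="org.mortbay.jetty.handler.ResourceHandler">
      <property name="resourceBase" value="${activemq.base}/webapps/static/"/>
    </bean>
  </property>
</bean>"""
BEANS = '<beans xmlns="http://www.springframework.org/schema/beans">%s</beans>'
ACTIVE = BEANS % SNIPPET                            # declaration still present
MITIGATED = BEANS % ("<!--\n" + SNIPPET + "\n-->")  # declaration commented out
```

`find_resource_handlers(ACTIVE)` reports one handler serving `/` from the static webapps directory, while `find_resource_handlers(MITIGATED)` returns an empty list.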

