incubator-jspwiki-dev mailing list archives

From "Florian Holeczek (JIRA)" <j...@apache.org>
Subject [jira] [Closed] (JSPWIKI-72) Ounce Labs Security Finding: Access Control - Forced Browsing Security Config
Date Sat, 10 Sep 2011 23:35:10 GMT

     [ https://issues.apache.org/jira/browse/JSPWIKI-72?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Florian Holeczek closed JSPWIKI-72.
-----------------------------------


> Ounce Labs Security Finding: Access Control - Forced Browsing Security Config 
> ------------------------------------------------------------------------------
>
>                 Key: JSPWIKI-72
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-72
>             Project: JSPWiki
>          Issue Type: Bug
>          Components: Authentication&Authorization
>    Affects Versions: 2.4.104
>            Reporter: Cristian Borlovan
>            Assignee: Andrew Jaquith
>             Fix For: 2.6.0
>
>         Attachments: report.pdf
>
>
> Description: 
> Any user (unauthenticated/authenticated/asserted) can force browse to this page and gain pseudo-sensitive information about the security configurations of the application. This page details various security configurations of the site, including the access control definition, etc. Using this information an attacker can determine potential access control weaknesses or misconfiguration related to security. It appears that this page is intended to only be accessed by administrators; however, the access control check on this page is not in place, allowing any user invocation.
> URL: http://localhost:8080/admin/SecurityConfig.jsp
> Recommendation: 
> Consider calling "wikiContext.hasAccess" and/or the appropriate authorization mechanism to ensure that only privileged administrative users can access this page.
> Related Code Locations: 
> 1 findings:
>   Name:           JSPWiki_2_4_104.admin.SecurityConfig_jsp.jspInit():void
>   Type:           Vulnerability.AccessControl
>   Severity:       High
>   Classification: Vulnerability
>   File Name:      Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\web-root\JSPWiki.war\admin\SecurityConfig.jsp
>   Line / Col:     10 / 0
>   Context:        this . javax.servlet.GenericServlet.getServletConfig ()
>     -----------------------------------

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
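As an added illustration of the recommended fix (example code, not JSPWiki's own): a servlet filter that enforces an administrator check on every request under /admin/, so a page such as SecurityConfig.jsp cannot be reached by forced browsing even when the page itself omits the check. The role name "Admin", the filter mapping and the logger are assumptions; inside JSPWiki the equivalent per-page check would go through wikiContext.hasAccess as the recommendation states.

```java
import java.io.IOException;
import java.util.logging.Logger;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Deny-by-default gate for the /admin/ area (added example, not JSPWiki code).
 * Mapped in web.xml to <url-pattern>/admin/*</url-pattern> (assumed), it runs
 * before SecurityConfig.jsp or any other admin page, so a page that omits its
 * own authorization check can no longer be reached by forced browsing.
 */
public class AdminAreaFilter implements Filter {

    private static final Logger LOG = Logger.getLogger(AdminAreaFilter.class.getName());

    // Assumed role name; must match the role defined in the container's security config.
    private static final String ADMIN_ROLE = "Admin";

    public void init(FilterConfig config) throws ServletException {
        // No configuration needed.
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Anonymous (no principal), asserted and ordinary authenticated users all
        // lack the admin role, so they are refused before any content is rendered.
        if (request.getUserPrincipal() == null || !request.isUserInRole(ADMIN_ROLE)) {
            // Record the attempt: repeated 403s on /admin/ are a useful detection signal.
            LOG.warning("Denied admin access to " + request.getRequestURI()
                    + " from " + request.getRemoteAddr());
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(request, response);
    }

    public void destroy() {
        // Nothing to release.
    }
}
```

Because the filter is keyed on the URL pattern rather than on each JSP, adding a new admin page later does not reintroduce the gap.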
