Details

    • Similar Issues:
      Show 4 results 

      Description

      6.1.X
      Servers using the FileSystemStore (default) or the AdvancedFileSystemStore to persist documents in the document library (dl.store.impl in portal.properties) are vulnerable to a directory traversal attacks. By manipulating the URL in the Message Boards, Wiki, or Knowledge Base portlet, an attacker can access any file on the server.

      6.0.X
      Servers using the FileSystemHook (default) or the AdvancedFileSystemHook to persist documents in the document library (dl.hook.impl in portal.properties) are vulnerable to a directory traversal attacks. By manipulating the URL in the Message Boards, Wiki, or Knowledge Base portlet, an attacker can access any file on the server.

        Activity

        Hide
        Samuel Kong added a comment -

        The code for this ticket was committed under LPS-27838.

        Show
        Samuel Kong added a comment - The code for this ticket was committed under LPS-27838.

          People

          • Assignee:
            SE Support
            Reporter:
            Samuel Kong
            Recent user:
            Randy Zhu
            Participants of an Issue:
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:
              Days since last comment:
              3 years, 9 weeks, 2 days ago

              Development

                Subcomponents

                  Structure Helper Panel