Path traversal

Description

Access to files from the /bonita webapp container is too liberal. You can get files like web.xml with an HTTP request using simple path traversal. Files from WEB-INF and META-INF should not be accessible.

Environment

Tomcat and Wildfly bundles

External Link

None

Workaround

None

Activity

Pierrick Voulet
December 27, 2018, 7:05 PM

Thank you for the report! Feel free to share any experience you may have to secure this.
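
One way to enforce the requirement stated in the description, shown as an added example that is not part of the original report or of Bonita's code: a check that a servlet filter could call on the request URI before dispatch, answering 404 when it returns true. The class name, method name and sample paths are hypothetical, and the code assumes Java 10 or later.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;

public class ProtectedPathCheck {

    /** True when the decoded, normalized path names WEB-INF or META-INF, climbs above the root, or cannot be parsed. */
    static boolean isProtected(String rawPath) {
        String path = rawPath;
        boolean stable = false;
        // Decode a bounded number of times so nested encodings are unwrapped; anything deeper fails closed.
        for (int i = 0; i < 3 && !stable; i++) {
            try {
                // URLDecoder turns '+' into a space, so protect a literal '+' first.
                String decoded = URLDecoder.decode(path.replace("+", "%2B"), StandardCharsets.UTF_8);
                stable = decoded.equals(path);
                path = decoded;
            } catch (IllegalArgumentException malformedEscape) {
                return true; // malformed percent-escape: refuse rather than guess
            }
        }
        if (!stable || path.indexOf('\0') >= 0) {
            return true;
        }
        int depth = 0;
        for (String segment : path.replace('\\', '/').split("/")) {
            int params = segment.indexOf(';'); // drop ";name=value" path parameters
            String name = params >= 0 ? segment.substring(0, params) : segment;
            if (name.isEmpty() || name.equals(".")) {
                continue;
            }
            if (name.equals("..")) {
                if (--depth < 0) {
                    return true; // path climbs above the root
                }
            } else if (name.equalsIgnoreCase("WEB-INF") || name.equalsIgnoreCase("META-INF")) {
                return true;
            } else {
                depth++;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample paths; only the /bonita context and web.xml come from the report.
        String[] samples = {
            "/bonita/index.html",
            "/bonita/a/../WEB-INF/web.xml",
            "/bonita/a/%2e%2e/web-inf/web.xml",
            "/bonita/META-INF;x=1/MANIFEST.MF",
        };
        for (String s : samples) {
            System.out.println((isProtected(s) ? "DENY  " : "ALLOW ") + s);
        }
    }
}
```

The check is deliberately conservative: it rejects any path containing a protected segment name, even one that a later `..` would step back out of, and any path whose percent-encoding does not settle within three decoding passes.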

Assignee

Pierrick Voulet

Reporter

Maciej Michalak

Affects versions

Reference

BS-19241

Fix versions
