|The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.|
Spring Framework: directory traversal via ResourceServlet
Synthesis of the vulnerability
An attacker can traverse directories via ResourceServlet of Spring Framework, in order to read a file outside the service root path.
Impacted products: Debian, Fedora, QRadar SIEM, MariaDB ~ precise, MySQL Community, MySQL Enterprise, Percona Server, Spring Framework, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Grid Computing, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/INSIGHT, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio.
Severity of this bulletin: 2/4.
Consequences of an intrusion: data reading.
Hacker's origin: internet client.
Creation date: 22/12/2016.
Références of this threat: 1996375, 2015813, CST-7122, CST-7123, CST-7124, CST-7125, CST-7126, CST-7127, CST-7128, CST-7129, CST-7130, CST-7131, CVE-2016-9878, DLA-1853-1, FEDORA-2016-f341d71730, RHSA-2017:3115-01, VIGILANCE-VUL-21453.
Description of the vulnerability
The Spring Framework product offers a web service.
However, user's data are directly inserted in an access path. Sequences such as "/.." can thus be used to go in the upper directory.
An attacker can therefore traverse directories via ResourceServlet of Spring Framework, in order to read a file outside the service root path.
Full Vigil@nce bulletin... (Free trial)
Computer vulnerabilities tracking service
Vigil@nce provides network vulnerability patches. The technology watch team tracks security threats targeting the computer system. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The Vigil@nce vulnerability database contains several thousand vulnerabilities.