Pax Web

Security issues in WAR management

Details

  • Type: Bug
  • Status: Closed
  • Priority: Critical
  • Resolution: Fixed
  • Affects Version/s: 0.7.2
  • Fix Version/s: 0.8.0
  • Component/s: War Extender
  • Labels:
    None
  • Environment:
    JBossAS 5.1.0 GA, JBoss OSGi 1.0.0 beta 5, JDK 1.6.0-18, Apache Felix 2.0.2 and Apache Taglibs Standard 1.1.2

Description

It is possible for a client to request resources under the WEB-INF directory, such as web.xml, JSP fragments and so on.

Activity

Niclas Hedhman added a comment -

You mean that the content of WEB-INF/ is available via the HTTP URL?

Gaetano Sferra added a comment -

Yes, that was what I meant.

Achim Nierbeck added a comment -

I created a branch at GitHub:

http://github.com/ops4j/org.ops4j.pax.web/tree/webSecureContext

This fix is also contained within this branch.

Achim Nierbeck added a comment -

Is fixed and can be found in the master branch at GitHub:
http://github.com/ops4j/org.ops4j.pax.web
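
The kind of request-path check this issue calls for, as an added example (not Pax Web code and not the fix in the linked branches): the path is decoded and normalized before its first segment is compared with WEB-INF. The class and method names are hypothetical, the sample paths are constructed, and covering META-INF as well goes beyond what the issue reports.

```java
import java.net.URLDecoder;
import java.util.ArrayDeque;
import java.util.Deque;

public class ProtectedPathCheck {

    /** True when a context-relative request path must not be served to a client. */
    static boolean isProtected(String rawPath) {
        String path;
        try {
            // URLDecoder turns '+' into a space, so keep a literal '+' intact first.
            path = URLDecoder.decode(rawPath.replace("+", "%2B"), "UTF-8");
        } catch (Exception e) {
            return true; // malformed escape sequence: refuse
        }
        Deque<String> segments = new ArrayDeque<>();
        for (String raw : path.replace('\\', '/').split("/")) {
            int semi = raw.indexOf(';');
            String seg = semi >= 0 ? raw.substring(0, semi) : raw; // drop ;jsessionid=...
            if (seg.isEmpty() || seg.equals(".")) {
                continue;
            }
            if (seg.equals("..")) {
                if (segments.isEmpty()) {
                    return true; // climbs above the context root: refuse
                }
                segments.removeLast();
            } else {
                segments.addLast(seg);
            }
        }
        // Compare case-insensitively: some file systems ignore case.
        String first = segments.peekFirst();
        return first != null
                && (first.equalsIgnoreCase("WEB-INF") || first.equalsIgnoreCase("META-INF"));
    }

    public static void main(String[] args) {
        String[] samples = { // constructed request paths
            "/index.html", "/WEB-INF/web.xml", "/web-inf/jsp/header.jspf",
            "/%57EB-INF/web.xml", "/static/../WEB-INF/web.xml",
            "/WEB-INF;x=1/web.xml", "/docs/WEB-INF-notes.txt", "/../secret"
        };
        for (String s : samples) {
            System.out.println((isProtected(s) ? "DENY   " : "SERVE  ") + s);
        }
    }
}
```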

