
Key: LPP-2284
Type: Bug
Status: Resolved
Resolution: Fixed
Priority: P1
Assignee: Benjamin Shine
Reporter: Mark Davis
Votes: 0
Watchers: 0
OpenLaszlo

Prevent Laszlo Explorer doc.jsp security hole

Created: 29/Jun/06 07:36 PM   Updated: 12/Jul/06 01:15 PM
Component/s: Server - Utilities
Affects Version/s: 3.0
Fix Version/s: 3.3.3

Time Tracking:
Not Specified

Severity: Major
Runtime: N/A


Description
This file is a stripped down version of LPP-384 that requires resolution/verification of the Laszlo Explorer doc.jsp file not allowing file access.

doc.jsp only allows you to view files named *.htm. This could be an information leak.

Henry Minsky - 12/Jul/06 01:03 PM
fixed in legals revision 1304

checks that src param expands to path that is subdir of servlet working directory
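
The kind of check the comment above describes, as an added example: this is not the OpenLaszlo code from the fix. The class DocPathCheck and the method resolveDoc are hypothetical names, and a temporary directory stands in for the servlet working directory.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class DocPathCheck {
    // Hypothetical helper: returns the real path of src only if it is an existing
    // *.htm file inside baseDir; returns null for anything else.
    static Path resolveDoc(Path baseDir, String src) throws IOException {
        if (src == null || src.indexOf('\0') >= 0) {
            return null;
        }
        Path base = baseDir.toRealPath();                // canonical form of the allowed root
        Path candidate = base.resolve(src).normalize();  // collapses "." and ".." segments
        // Path.startsWith compares whole path elements, so a sibling directory such as
        // "<base>-private" is rejected even though it passes a String.startsWith test.
        if (!candidate.startsWith(base) || !Files.isRegularFile(candidate)) {
            return null;
        }
        Path real = candidate.toRealPath();              // follows symlinks; re-check the result
        if (!real.startsWith(base) || !real.getFileName().toString().endsWith(".htm")) {
            return null;
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample tree; none of these paths come from the issue.
        Path root = Files.createTempDirectory("webapp");
        Files.createDirectories(root.resolve("docs"));
        Files.writeString(root.resolve("docs/intro.htm"), "<p>intro</p>");
        Files.createDirectories(root.resolve("WEB-INF"));
        Files.writeString(root.resolve("WEB-INF/web.xml"), "<web-app/>");
        String siblingName = root.getFileName() + "-private";
        Path sibling = Files.createDirectories(root.resolveSibling(siblingName));
        Files.writeString(sibling.resolve("notes.htm"), "not for serving");

        String[] samples = {
            "docs/intro.htm",                    // allowed
            "docs/../docs/intro.htm",            // allowed after normalization
            "WEB-INF/web.xml",                   // denied: inside the root but not *.htm
            "../../etc/passwd",                  // denied: climbs out of the root
            "/etc/passwd",                       // denied: absolute path replaces the root
            "../" + siblingName + "/notes.htm"   // denied: sibling directory sharing a prefix
        };
        for (String src : samples) {
            System.out.println((resolveDoc(root, src) != null ? "allowed " : "denied  ") + src);
        }
    }
}
```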

Henry Minsky - 12/Jul/06 01:09 PM
please integrate this to 3.3.3

Amy Muntz - 12/Jul/06 01:15 PM
Ben - since Jim is travelling today - can you please integrate this into lps-3.3 right away? Then assign it to Frisco. Thanks.