Bug 320424

Summary: [Webapp][Security] More vulnerabilities based on the topic parameter
Product: [Eclipse Project] Platform Reporter: Chris Goldthorpe <cgold>
Component: User Assistance Assignee: Chris Goldthorpe <cgold>
Status: RESOLVED INVALID QA Contact:
Severity: normal    
Priority: P3 CC: benysh, kleind, mukund, rahulk, raji, tcornell
Version: 3.4 Keywords: security
Target Milestone: ---   
Hardware: PC   
OS: Windows XP   
Whiteboard:
Bug Depends on: 320547, 320548    
Bug Blocks:    
Attachments:
Description Flags
Patch for paths containing ..\ none

Description Chris Goldthorpe CLA 2010-07-20 13:33:40 EDT
The help system is still allowing some protocols to be passed in through the topic parameter despite the fix to Bug 233466.
Comment 2 Chris Goldthorpe CLA 2010-07-20 18:40:07 EDT
Created attachment 174800
Patch for paths containing ..\

There are two separate issues. One is that on Windows ..\ can be passed into the URL and is eventually interpreted as part of a path in the file system. This patch fixes that problem.
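
The backslash problem described in Comment 2, as an added example that is not part of this bug report, not the attached patch, and not Eclipse code: a filter that only looks for `../` passes `..\`, while a check that treats both separators alike and confirms containment under the document root rejects it. The class, method names, `help-docs` root and sample topic values are all hypothetical.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.nio.file.Path;
import java.nio.file.Paths;

public class TopicPathCheck {

    // Hypothetical naive filter: only recognises forward-slash traversal.
    static boolean naiveIsSafe(String topic) {
        return !topic.contains("../");
    }

    // Treats '/' and '\' as separators on every platform, rejects any ".."
    // segment, then confirms the resolved path stays under docRoot.
    // Assumes rawTopic is the still percent-encoded parameter value.
    static boolean isSafe(Path docRoot, String rawTopic) {
        try {
            String topic = URLDecoder.decode(rawTopic, "UTF-8");
            String unified = topic.replace('\\', '/');
            for (String segment : unified.split("/")) {
                if (segment.equals("..")) {
                    return false;
                }
            }
            Path root = docRoot.toAbsolutePath().normalize();
            String relative = unified.replaceFirst("^/+", "");
            return root.resolve(relative).normalize().startsWith(root);
        } catch (UnsupportedEncodingException | IllegalArgumentException e) {
            // Malformed percent-encoding or characters invalid in a path.
            return false;
        }
    }

    public static void main(String[] args) {
        Path docRoot = Paths.get("help-docs"); // constructed document root
        String[] samples = {                   // constructed inputs
            "/org.example.doc/topics/intro.html",
            "/org.example.doc/..\\..\\notes.txt",
            "/org.example.doc/..%5C..%5Cnotes.txt",
        };
        for (String s : samples) {
            System.out.printf("%-40s naive=%-5b strict=%b%n",
                    s, naiveIsSafe(s), isSafe(docRoot, s));
        }
    }
}
```

The naive filter reports all three samples as safe; the strict check accepts only the first.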
Comment 3 Chris Goldthorpe CLA 2010-07-21 16:05:11 EDT
There were two distinct and different problems described in this bug report. I have created two new bugs - Bug 320547 and Bug 320548 to track these. I am closing this bug and leaving the security flag on.
Comment 4 John Arthorne CLA 2011-06-10 14:22:07 EDT
Removing security restriction for bugs that have been fixed in 3.6.2 or earlier.