+++ This bug was initially created as a clone of Bug #320424 +++

Bug 320424 contained two different issues and has been split into two clones to cover each of the problems.

This is the URL to reproduce on Windows; paste this URL into Firefox:

http://localhost:8081/help/topic/org.eclipse.ua.tests/..\..\..\..\drivez.log

The problem also shows up in IE, but you need to enter the URL like this:

http://localhost:59449/help/topic/com.ibm.collaboration.realtime.help/..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5Cboot.ini
Created attachment 174909 [details]
Patch

Patch to detect "..\" in the path. I need to verify that there are no other sequences such as ../ which cause problems.
Chris, can you review this patch?
(In reply to comment #2)
> Chris, can you review this patch?

Yes, I have reviewed it and it seems to prevent the vulnerability. I have also tried ../, C:\file.txt, .+.\, .''.\, and . .\ and these did not work either. I can't think of any other tests off the top of my head.
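The patch described in comment 1 rejects "..\" in the request path, and comment 3 lists the variants the reviewer tried (../, C:\file.txt, .+.\, .''.\, . .\). The following is an added illustration of that kind of check, written for this page and not the Eclipse Help patch itself: it percent-decodes the path once (so the "..%5C" form from the IE URL above becomes "..\"), treats "\" and "/" as equivalent separators, and rejects any path that contains a ".." segment. The class name, the method name and the test inputs are all assumptions made here; the sample paths are constructed from the URLs and test strings quoted in the bug.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.List;

// Added example (not the Eclipse Help code): a request-path traversal check.
public final class TraversalCheck {

    /**
     * Returns true when the request path contains a parent-directory
     * segment after percent-decoding and separator normalisation.
     * A true result means the request should be refused (e.g. HTTP 403)
     * rather than mapped onto the file system.
     */
    public static boolean containsTraversal(String rawPath) {
        String decoded;
        try {
            // One decode pass turns ..%5C into ..\ ; malformed escapes are refused outright.
            decoded = URLDecoder.decode(rawPath, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return true;
        }
        // Windows file APIs accept both separators, so normalise '\' to '/'.
        String normalised = decoded.replace('\\', '/');
        for (String segment : normalised.split("/", -1)) {
            if ("..".equals(segment)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed inputs: the two URLs from the report plus the reviewer's negative tests.
        List<String> inputs = Arrays.asList(
            "/help/topic/org.eclipse.ua.tests/..\\..\\..\\..\\drivez.log",
            "/help/topic/com.ibm.collaboration.realtime.help/..%5C..%5C..%5Cboot.ini",
            "/help/topic/org.eclipse.ua.tests/../../file.txt",
            "/help/topic/org.eclipse.ua.tests/C:\\file.txt",
            "/help/topic/org.eclipse.ua.tests/.+.\\",
            "/help/topic/org.eclipse.ua.tests/. .\\",
            "/help/topic/org.eclipse.ua.tests/index.html");
        for (String in : inputs) {
            System.out.printf("%-75s -> %s%n", in,
                containsTraversal(in) ? "REJECT" : "allow");
        }
    }
}
```

The first three inputs are rejected; the remaining four contain no ".." segment and are allowed, which matches the reviewer's observation that those strings did not reach files outside the help root. Note that URLDecoder also maps "+" to a space, so ".+.\" decodes to ". .\" and is not mistaken for "..". Checking whole segments rather than searching for the literal substring "..\" is what makes the check cover both separator styles with one rule.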
Patch looks good to me too Chris. Thanks for the quick turnaround!
Patch applied to HEAD
Patch applied to 3.6 maintenance stream, fixed. I will remove the security flag in a week or two to give time to update infocenters.
The patch has been applied to the 3.5 maintenance stream
This patch has been applied to the 3.4 maintenance stream
Verified in M20100901-0800
Removing security restriction for bugs that have been fixed in 3.6.2 or earlier.