JBoss Enterprise Application Platform 4 and 5 / JBPAPP-1548

JBossWS - WSDL access url with resource suffix allows any arbitrary xml file to be viewed

    • Bug
    • Resolution: Done
    • Blocker
    • 4.3.0.GA_CP04
    • 4.3.0.GA_CP03
    • Web Services
    • None
    • Release Notes

      The issue is that in any WSDL access URL, if you append the suffix &resource=../../../jmx-invoker-service.xml, you can view this file. Likewise, on a system where JBoss EAP is running, you can easily view any XML file from any arbitrary location using this method.

            mageshbk_jira Magesh Bojan (Inactive)
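
A containment check for the `resource` parameter described in this report, as an added example that is not JBossWS code and not the fix applied for this issue: the value is resolved against the WSDL publish directory and refused when the normalized or symlink-resolved path leaves it. The class `WsdlResourceGuard`, its `resolve` method and the temporary directory layout are hypothetical, and the code assumes `java.nio.file` (Java 7 or later).

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;

public class WsdlResourceGuard {

    /** Resolve the 'resource' query parameter strictly inside publishRoot, or throw. */
    static Path resolve(Path publishRoot, String resource) throws IOException {
        if (resource == null || resource.isEmpty() || resource.indexOf('\0') >= 0) {
            throw new SecurityException("empty or malformed resource parameter");
        }
        Path root = publishRoot.toRealPath();
        Path candidate;
        try {
            // normalize() collapses "." and ".." before the containment check
            candidate = root.resolve(resource).normalize();
        } catch (InvalidPathException e) {
            throw new SecurityException("malformed resource parameter");
        }
        if (!candidate.startsWith(root)) {
            throw new SecurityException("resource escapes publish directory");
        }
        // toRealPath() follows symlinks, so a link pointing outside is also caught
        Path real = candidate.toRealPath();
        if (!real.startsWith(root) || !Files.isRegularFile(real)) {
            throw new SecurityException("resource escapes publish directory");
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: <tmp>/jmx-invoker-service.xml and <tmp>/a/b/wsdl/imported.xsd
        Path base = Files.createTempDirectory("jbossws-demo");
        Files.write(base.resolve("jmx-invoker-service.xml"), "<server/>".getBytes());
        Path root = Files.createDirectories(base.resolve("a/b/wsdl"));
        Files.write(root.resolve("imported.xsd"), "<schema/>".getBytes());

        String[] samples = { "imported.xsd", "../../../jmx-invoker-service.xml",
                             base.resolve("jmx-invoker-service.xml").toString() };
        for (String s : samples) {
            try {
                System.out.println("served:   " + resolve(root, s));
            } catch (SecurityException e) {
                System.out.println("rejected: " + s + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The check runs on the parameter after the servlet container has URL-decoded it, so encoded forms of `../` reach `resolve` already decoded.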