Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-4595

JSP source code leak when a slash added at the end of the URL

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Blocker
    • 9.0.0.CR2, 10.0.0.Alpha1
    • 8.1.0.Final, 8.2.0.Final, 9.0.0.CR1
    • Web (Undertow)
    • None
    • Hide
      • download and deploy the attached reproducer jsp-source.war
      • access index.jsp with trailing slah:
      $ curl http://localhost:8080/jsp-source/index.jsp/
<%@ page language="java" errorPage="/error.jsp" pageEncoding="UTF-8" contentType="text/html;charset=utf-8" session="false" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>

<%
  // Can you see this text? Then you've reproduced the issue!

  System.out.println("JSP SOURCE LEAK REPRODUCER - Just put some text into the log file when we hit the JSP in the correct way... ");
%>

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
...
      Show
      download and deploy the attached reproducer jsp-source.war access index.jsp with trailing slah: $ curl http: //localhost:8080/jsp-source/index.jsp/ <%@ page language= "java" errorPage= "/error.jsp" pageEncoding= "UTF-8" contentType= "text/html;charset=utf-8" session= " false " %> <%@ taglib uri= "http: //java.sun.com/jsp/jstl/core" prefix= "c" %> <% // Can you see this text? Then you've reproduced the issue! System .out.println( "JSP SOURCE LEAK REPRODUCER - Just put some text into the log file when we hit the JSP in the correct way... " ); %> <!DOCTYPE html PUBLIC "- //W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd" > <html> ...

    Description

      When a trailing slash is added to a JSP URL (e.g. localhost:8080/my-app/index.jsp/) the source code of the JSP is downloaded/displayed.

      This is a security issue, because users can have passwords to external systems directly stored in JSP source code.

      This was originally reported by Abhinav Gupta on stackoverflow

      Attachments

        Issue Links

          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-127 JSP source code leak when a slash added at the end of the URL

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Verified
          relates to

          Bug - A problem that impairs or prevents the functions of the product. WFLY-8158 JSP source code leak when space and periods added at the end of the URL

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed

          Activity

            People

              sdouglas1@redhat.com Stuart Douglas
              josef.cacek@gmail.com Josef Cacek (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: