|
Viewing Issue Advanced Details
[ Jump to Notes ]
|
[ View Simple ]
[ Issue History ]
[ Print ]
|
|
ID |
Category |
Severity |
Reproducibility |
Date Submitted |
Last Update |
|
0002371 |
[NexusDB] Server |
major |
always |
2020-07-30 01:22 |
2020-08-10 19:02 |
|
|
Reporter |
Eivind |
View Status |
public |
|
|
Assigned To |
Thorsten |
|
Priority |
normal |
Resolution |
fixed |
Platform |
|
|
Status |
closed |
|
OS |
|
|
Projection |
none |
|
OS Version |
|
|
ETA |
none |
Fixed in Version |
v4.50.23 Release |
Product Version |
v4.50.22 Release |
| |
Target Version |
v4.50.23 Release |
Product Build |
|
|
|
Summary |
0002371: Web configuration directory traversal security issue |
|
Description |
a construct like the following can be used to access files outside the server's designated directory
curl --path-as-is http://host:10088/../../../../../../windows/win.ini [^] |
|
Steps To Reproduce |
|
|
Additional Information |
|
|
|
Attached Files |
|
|
|