Viewing Issue Advanced Details Jump to Notes ] View Simple ] Issue History ] Print ]
ID Category Severity Reproducibility Date Submitted Last Update
0002371 [NexusDB] Server major always 2020-07-30 01:22 2020-08-10 19:02
Reporter Eivind View Status public  
Assigned To Thorsten
Priority normal Resolution fixed Platform
Status closed   OS
Projection none   OS Version
ETA none Fixed in Version v4.50.23 Release Product Version v4.50.22 Release
  Target Version v4.50.23 Release Product Build
Summary 0002371: Web configuration directory traversal security issue
Description a construct like the following can be used to access files outside the server's designated directory

curl --path-as-is http://host:10088/../../../../../../windows/win.ini [^]
Steps To Reproduce
Additional Information
Attached Files

- Relationships

There are no notes attached to this issue.

- Issue History
Date Modified Username Field Change
2020-07-30 01:22 Eivind New Issue
2020-07-30 01:22 Eivind Status new => assigned
2020-07-30 01:22 Eivind Assigned To => Thorsten
2020-08-10 18:50 Eivind Fixed in Version => v4.50.23 Release
2020-08-10 18:50 Eivind Target Version => v4.50.23 Release
2020-08-10 18:50 Eivind View Status private => public
2020-08-10 19:01 Eivind Status assigned => closed
2020-08-10 19:01 Eivind Resolution open => fixed
2022-04-19 07:01 asdks Issue Monitored: asdks
2022-04-19 07:01 asdks Issue End Monitor: asdks
2022-04-19 07:02 asdks Issue End Monitor: asdks
2022-04-19 07:02 asdks Issue Monitored: asdks
2022-04-19 07:08 asdks Issue End Monitor: asdks


Mantis 1.1.0a3[^]
Copyright © 2000 - 2007 Mantis Group
36 total queries executed.
33 unique queries executed.
Powered by Mantis Bugtracker