16f6c0aecf
Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in.
43 lines
1.4 KiB
Plaintext
43 lines
1.4 KiB
Plaintext
== Why is this an issue?
|
|
|
|
Applications behave as filesystem oracles when they disclose to attackers if resources from the filesystem exist or not.
|
|
|
|
A user with malicious intent would inject specially crafted values, such as ``++../++``, to change the initially intended path. The resulting path would resolve to a location somewhere in the filesystem which the user should not normally have access to.
|
|
|
|
|
|
=== What is the potential impact?
|
|
|
|
An attacker exploiting a filesystem oracle vulnerability can determine if a file exists or not.
|
|
|
|
The files that can be affected are limited by the permission of the process
|
|
that runs the application. Worst case scenario: the process runs with elevated privileges, and therefore any file can be affected.
|
|
|
|
Below are some real-world scenarios that illustrate some impacts of an attacker
|
|
exploiting the vulnerability.
|
|
|
|
==== Information gathering
|
|
|
|
The vulnerability is exploited to gather information about the host system. The filesystem oracle can help identify user accounts, running services, or the exact version of installed software.
|
|
|
|
|
|
// How to fix it section
|
|
|
|
include::how-to-fix-it/java-se.adoc[]
|
|
|
|
== Resources
|
|
|
|
include::../common/resources/standards.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
=== Message
|
|
|
|
Change this code to not construct the path from user-controlled data.
|
|
|
|
|
|
endif::env-github,rspecator-view[]
|