|
|
|
|
| |
Apache Cocoon is "an Open Source web development framework built around the concepts of separation of concerns and component-based web development.
Cocoon implements these concepts around the notion of 'component pipelines', each component on the pipeline specializing on a particular operation. This makes it possible to use a Lego-like approach in building web solutions, hooking together components into pipelines without any required programming.
Cocoon is "web glue for your web application development needs". It is a glue that keeps concerns separate and allows parallel evolution of all aspects of a web application, improving development pace and reducing the chance of conflicts".
Apache Cocoon's sample files have been found to be vulnerable to a directory traversal (in the "view source" functionality). |
| |
Credit:
The information has been provided by Thierry De Leeuw.
|
| |
Vulnerable systems:
* Apache Cocoon version 2.1.2 (Release)
* Apache Cocoon version 2.1 before 22 Oct 2003 12:00
* Apache Cocoon version 2.2 (Development) before 22 Oct 2003 12:00
Immune systems:
* Apache Cocoon version 2.1 after 22 Oct 2003 12:00
* Apache Cocoon version 2.2 (Development) after 22 Oct 2003 12:00
Mitigating factors:
* On a production system samples should _NEVER_ be installed
* Setting correct files permission should reduce the risk of this thread
Exploit:
On a Windows host, where Cocoon is installed on the C:\cocoon\, accessing http://a_Host.com:8888/samples/view-source?filename=../../../boot.ini will initiate the download of the c:\boot.ini file.
Disclosure timeline:
20 Oct 2003 17:45 Bug reported on http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23949
20 Oct 2003 22:38 Problem acknowledged by J?rg Heinicke.
22 Oct 2003 11:59 Problem fixed in CVS by J?rg Heinicke.
|
|
|
|
|
|
|
|
|
|
