Vulners
Lucene search
Wildfly - 'WEB-INF' / 'META-INF' Information Disclosure via Filter Restriction Bypass
🗓️ 20 Mar 2016 00:00:00Reported by Tal Solomon of Palantir SecurityType 
exploitdb🔗 www.exploit-db.com👁 130 Views
| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
 | Wildfly - WEB-INF and META-INF Information Disclosure via Filter Restriction Bypass | 20 Mar 201600:00 | – | zdt |
 | BSA-2017-314 | 23 Jun 201700:00 | – | broadcom |
 | CVE-2016-0793 | 20 Mar 201600:00 | – | circl |
 | Red Hat Wildfly Information Disclosure Vulnerability | 25 Mar 201600:00 | – | cnvd |
 | CVE-2016-0793 | 1 Apr 201619:00 | – | cve |
 | CVE-2016-0793 | 1 Apr 201619:00 | – | cvelist |
 | Wildfly - WEB-INF META-INF Information Disclosure via Filter Restriction Bypass | 20 Mar 201600:00 | – | exploitpack |
 | WildFly has incomplete blacklist vulnerability | 14 May 202203:25 | – | github |
 | CVE-2016-0793 | 1 Apr 201619:59 | – | nvd |
 | '/WEB-INF./' Information Disclosure Vulnerability (HTTP) | 3 Nov 200500:00 | – | openvas |
10
Exploit Title: Wildfly: WEB-INF and META-INF Information Disclosure via Filter Restriction Bypass
Date: 09.02.16
Exploit Author: Tal Solomon of Palantir Security
Vendor Homepage: https://bugzilla.redhat.com/show_bug.cgi?id=1305937
Software Link: http://wildfly.org/downloads/
Version: This issue effects versions of Wildfly prior to 10.0.0.Final, including 9.0.2.Final, and 8.2.1.Final.
Tested on: Windows
CVE : CVE-2016-0793
An information disclosure of the content of restricted files WEB-INF and META-INF via filter mechanism was reported. Servlet filter restriction mechanism is enforced by two code checks:
if (path.startsWith("/META-INF") || path.startsWith("META-INF") || path.startsWith("/WEB-INF") || path.startsWith("WEB-INF")) {
return false;
}
private boolean isForbiddenPath(String path) {
return path.equalsIgnoreCase("/meta-inf/") || path.regionMatches(true, 0, "/web-inf/", 0, "/web-inf/".length());
}
which can be bypassed using lower case and adding meaningless character to path.
Proof of Concept Video:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/39573.zipData
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
20 Mar 2016 00:00Current
7.8High risk
Vulners AI Score7.8
CVSS 25
CVSS 37.5
EPSS0.3