CollabNet Subversion Edge Management Tail LFI

Type packetstorm
Reporter otr
Modified 2015-06-30T00:00:00


# Vuln Title: Local file inclusion in CollabNet Subversion Edge Management  
# Frontend via logfile "fileName" parameter of the "tail" action  
# Date: 28.06.2015  
# Author: otr  
# Software Link:  
# Vendor: CollabNet  
# Version: 4.0.11  
# Tested on: Fedora Linux  
# Type: Local file inclusion  
# Risk: Medium  
# Status: public/fixed  
# Fixed version: 5.0  

2014-10-09 Flaw Discovered  
2014-10-20 Vendor contacted  
2014-10-21 Vendor response  
2014-12-08 Vendor fix proposal  
2014-12-08 Extension of embargo to 19.4.2015  
2015-05-04 Extension of embargo until release of version 5.0  
2015-05-18 Release of version 5.0 and public disclosure  

The CollabNet Subversion Edge Management Frontend allows authenticated admins to  
read arbitrary local files via the logfile "fileName" parameter of the "tail" action.  

Sample URL:  

Fix proposal:  
Remove the feature, or sanitize the fileName parameter so that no path traversal and  
no arbitrary file inclusion is possible.  

Vendor fix:  
[...] now allow only showing hooks/logs within the intended directories.
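As an added illustration of the fix proposal and of the vendor's fix (confining the "tail" action to the intended hooks/logs directories), the following Python check is example code, not Subversion Edge's own; the directory layout and the `tail_allowed_file` function are constructed for the example.

```python
import os
import tempfile
from collections import deque
from pathlib import Path


def tail_allowed_file(base_dir, file_name, allowed_subdirs=("logs", "hooks"), lines=10):
    """Return the last `lines` lines of file_name, or raise ValueError when the
    request resolves to anything outside the allow-listed directories."""
    base = Path(base_dir).resolve()
    allowed_roots = [(base / sub).resolve() for sub in allowed_subdirs]
    # The parameter is meant to be a name relative to the base; refuse absolute paths.
    if Path(file_name).is_absolute():
        raise ValueError("absolute paths are not permitted")
    # resolve() collapses '..' components and follows symlinks, so the containment
    # test below is made on the real target rather than on the submitted string.
    candidate = (base / file_name).resolve()
    if not any(candidate == root or root in candidate.parents for root in allowed_roots):
        raise ValueError("file outside permitted directories")
    if not candidate.is_file():
        raise FileNotFoundError(file_name)
    with candidate.open("r", encoding="utf-8", errors="replace") as fh:
        return list(deque(fh, maxlen=lines))


def demo():
    """Exercise the check against a constructed layout; returns label -> outcome."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        for sub in ("logs", "hooks", "conf"):
            (base / sub).mkdir()
        (base / "logs" / "app.log").write_text("line1\nline2\nline3\n")
        (base / "hooks" / "pre-commit").write_text("#!/bin/sh\nexit 0\n")
        (base / "conf" / "secret.conf").write_text("password=example\n")  # must stay unreadable
        try:  # a symlink inside logs/ that points out of it (skipped where unsupported)
            os.symlink(base / "conf" / "secret.conf", base / "logs" / "link.log")
        except OSError:
            pass
        requests = {
            "logs/app.log": "logs/app.log",
            "hooks/pre-commit": "hooks/pre-commit",
            "conf/secret.conf": "conf/secret.conf",
            "traversal": "logs/../conf/secret.conf",
            "symlink": "logs/link.log",
            "absolute": str(base / "conf" / "secret.conf"),
        }
        results = {}
        for label, name in requests.items():
            try:
                results[label] = tail_allowed_file(base, name, lines=2)
            except (ValueError, FileNotFoundError) as exc:
                results[label] = "rejected: " + type(exc).__name__
        return results
```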