Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Wildfly - WEB-INF and META-INF Information Disclosure via Filter Restriction Bypass

🗓️ 20 Mar 2016 00:00:00Reported by Tal SolomonType 
zdt
 zdt🔗 0day.today👁 79 Views

Wildfly: WEB-INF and META-INF Information Disclosure via Filter Restriction Bypass. Vulnerable versions: prior to 10.0.0.Final, including 9.0.2.Final, and 8.2.1.Final. Windows tested

Related
Code
ReporterTitlePublishedViews
Family
BDU FSTEC		The vulnerability of the WildFly application server in Java, which allows a hacker to read confidential files
19 Apr 201600:00
bdu_fstec
Broadcom		BSA-2017-314
23 Jun 201700:00
broadcom
Circl		CVE-2016-0793
20 Mar 201600:00
circl
CNVD		Red Hat Wildfly Information Disclosure Vulnerability
25 Mar 201600:00
cnvd
CVE		CVE-2016-0793
1 Apr 201619:00
cve
Cvelist		CVE-2016-0793
1 Apr 201619:00
cvelist
Exploit DB		Wildfly - 'WEB-INF' / 'META-INF' Information Disclosure via Filter Restriction Bypass
20 Mar 201600:00
exploitdb
exploitpack		Wildfly - WEB-INF META-INF Information Disclosure via Filter Restriction Bypass
20 Mar 201600:00
exploitpack
Github Security Blog		WildFly has incomplete blacklist vulnerability
14 May 202203:25
github
NVD		CVE-2016-0793
1 Apr 201619:59
nvd
Rows per page
Exploit Title: Wildfly: WEB-INF and META-INF Information Disclosure via Filter Restriction Bypass
Date: 09.02.16
Exploit Author: Tal Solomon of Palantir Security
Vendor Homepage: https://bugzilla.redhat.com/show_bug.cgi?id=1305937
Software Link: http://wildfly.org/downloads/
Version: This issue effects versions of Wildfly prior to 10.0.0.Final, including 9.0.2.Final, and 8.2.1.Final. 
Tested on: Windows
CVE : CVE-2016-0793
 
An information disclosure of the content of restricted files WEB-INF and META-INF via filter mechanism was reported. Servlet filter restriction mechanism is enforced by two code checks: 
 
if (path.startsWith("/META-INF") || path.startsWith("META-INF") || path.startsWith("/WEB-INF") || path.startsWith("WEB-INF")) {
    return false;
}
 
private boolean isForbiddenPath(String path) {
                return path.equalsIgnoreCase("/meta-inf/") || path.regionMatches(true, 0, "/web-inf/", 0, "/web-inf/".length());
}
 
which can be bypassed using lower case and adding meaningless character to path.
 
Proof of Concept Video:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39573.zip

#  0day.today [2018-01-08]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
20 Mar 2016 00:00Current
EPSS0.3
wildflyinformation disclosurefilter restriction bypassvulnerabilitywindowscve-2016-0793palantir security
79