[#4349] - Reports generation is blocked by firewall - path traversal attack pattern

Category: Bug report
Priority: High
Status: New
Project:
Severity: Critical
Resolution: Open
Component:
Reproducibility: Always
Assigned to: 0

https://example.com/jasperserver/ - works OK, but
https://example.com/jasperserver/reportresource/reportresource?resource=... - returns 403 Forbidden due to a supposed traversal attack - "resource=net/sf/jasperreports/web/servlets/resources/require/report/jasperreports-report.js"

You can read more about this attack here: https://www.owasp.org/index.php/Path_Traversal

Attachment: traversal.png (5.5 KB)
vadym.kovalenko
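The false positive described in this report, shown as an added example that is not part of the original report and is not JasperReports Server or firewall code: a check that accepts the slash-separated resource value from the report while still rejecting traversal forms. The report does not identify the firewall or its rule, so `naive_rule`, `classify_resource` and `ALLOWED_PREFIX` are hypothetical names and assumptions.

```python
import posixpath
from urllib.parse import unquote

# Assumption: only classpath resources under this prefix should be served.
ALLOWED_PREFIX = "net/sf/jasperreports/"


def naive_rule(raw: str) -> bool:
    """Hypothetical over-broad rule: flag any parameter that looks like a path."""
    return "/" in unquote(raw)


def classify_resource(raw: str, max_decodes: int = 3) -> str:
    """Return 'allow' or 'block:<reason>' for a raw `resource` query value."""
    value = raw
    # Decode repeatedly so double-encoded sequences are inspected in clear form.
    for _ in range(max_decodes):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    else:
        return "block:excessive-encoding"

    if "\x00" in value or "\\" in value:
        return "block:bad-character"
    if value.startswith("/"):
        return "block:absolute-path"
    if ".." in value.split("/"):
        return "block:dot-dot-segment"
    # Reject '.', empty segments and trailing slashes instead of normalising them.
    if posixpath.normpath(value) != value:
        return "block:non-canonical"
    if not value.startswith(ALLOWED_PREFIX):
        return "block:outside-allowed-prefix"
    return "allow"


# Value quoted in the report; the remaining inputs in the test are constructed.
REPORTED = ("net/sf/jasperreports/web/servlets/resources/"
            "require/report/jasperreports-report.js")

if __name__ == "__main__":
    print("naive rule flags reported value:", naive_rule(REPORTED))
    print("segment-based check:", classify_resource(REPORTED))
```
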