[#4349] - Reports generation is blocked by firewall - path traversal attack pattern

Posted by vadym.kovalenko on March 16, 2015 - 2:52am
Category:
Bug report
 Priority:
High
 Status:
New
Project:
JasperReports® Server
 Severity:
Critical
 Resolution:
Open
Component: Reproducibility:
Always
 Assigned to:
Subscribe

https://example.com/jasperserver/ - works OK, but
https://example.com/jasperserver/reportresource/reportresource?resource=... - returns 403 forbiden due to supposed traversal attack - "resource=net/sf/jasperreports/web/servlets/resources/require/report/jasperreports-report.js"

You can read more about this attack here: https://www.owasp.org/index.php/Path_Traversal

AttachmentSize
Image icon traversal.png5.5 KB
vadym.kovalenko's picture
vadym.kovalenko
2
Joined: Apr 23 2014 - 2:22am
Last seen: 8 years 1 month ago
Feedback
randomness