1 Reply Latest reply on Aug 9, 2016 9:50 AM by mbabacek

    JBoss 4.2.1.GA Application Server Directory Traversal Vulnerability

    vyk0522
    vyk0522 Aug 9, 2016 5:17 AM

      I have an issue in my application. Attacker can manipulate the paths associated with files used by the application. it could print the contents of arbitrary files on the system.

      Any help how can I get rid of this issue?

      I am using JBoss 4.2.1.GA

      Thanks

        • 1. Re: JBoss 4.2.1.GA Application Server Directory Traversal Vulnerability
          mbabacek
          mbabacek Aug 9, 2016 9:50 AM (in response to vyk0522)

          Wow, 9+ years old AS  

          Dear Vivek, without any further details, it is impossible to tell whether it's your application's fault or the JBoss AS fault.

          Both is very well possible, especially given the amount of remotely exploitable vulnerabilities your JBoss 4.2.1.GA probably contains.

           

          Could you try with an AS from this decade, e.g. AS7 or WildFly, or is your app JBoss 4 dependant?

            • Actions