Prevent 'Path Traversal' in Wildfly 10.1.0?

cassidius Mar 22, 2017 5:14 PM

We deployed a Spring application on Wildfly 10.1.0 through the admin console and found that we can get to deployment files that we don't want to expose (e.g. https://localhost/login.html;//WEB-INF/web.xml ) Is there a global way in Wildfly to prevent this?

Thanks for your help!

1. Re: Prevent 'Path Traversal' in Wildfly 10.1.0?

ctomc Mar 23, 2017 5:23 AM (in response to cassidius)

I've just tested with a handful of test applications and cannot reproduce your problem in any way.

Only conclusion I could do, is that your application or its setup itself does this.

I was testing with handful of quickstrats from GitHub - wildfly/quickstart: Holds all versioned docs & samples
easy example would be helloworld-html5 or any other.
Actions