|Disable the __document parameter to prevent code injection [message #1795773]
||Fri, 28 September 2018 11:24
| Daniel V
Registered: July 2009
I'm running the BIRT report viewer .WAR (v.4.x) under Tomcat (v.7) on Linux and I tested the security bug reported at:
As in the bug report above, I can confirm that a code injection is possible trough the __document parameter in BIRT, then depending of the tomcat file permissions we can delete or create files on the server trough the injected code.
As we are not using this parameter in our project my question is what is the simplest and correct way to disable it (filter it out) or prevent the code injection?
Thank you in advance
[Updated on: Fri, 28 September 2018 11:26]
Report message to a moderator
Powered by FUDForum
. Page generated in 0.01818 seconds