Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Archived » BIRT » Disable the __document parameter to prevent code injection(Code injection trough the __document parameter - how to prevent that?)
Disable the __document parameter to prevent code injection [message #1795773] Fri, 28 September 2018 11:24
Daniel V is currently offline Daniel VFriend
Messages: 6
Registered: July 2009
Junior Member
Hello,

I'm running the BIRT report viewer .WAR (v.4.x) under Tomcat (v.7) on Linux and I tested the security bug reported at:

https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142

As in the bug report above, I can confirm that a code injection is possible trough the __document parameter in BIRT, then depending of the tomcat file permissions we can delete or create files on the server trough the injected code.

As we are not using this parameter in our project my question is what is the simplest and correct way to disable it (filter it out) or prevent the code injection?

Thank you in advance

[Updated on: Fri, 28 September 2018 11:26]

Report message to a moderator

Previous Topic:Arabic Font In Export to PDF on Linux
Next Topic:4.6.0 PPTX issue with element border
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Tue Apr 23 06:59:43 GMT 2024

Powered by FUDForum. Page generated in 0.03294 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top

Sign up to our Newsletter

A fresh new issue delivered monthly