Path Traversal Affecting Multiple CData Products
Tenable Research Advisories www.tenable.com
A researcher at Tenable discovered a path traversal vulnerability affecting the Java versions of multiple CData products when deployed using the embedded Jetty server, with varying impacts per product. The issue exists because of a combination of how the embedded Jetty server and CData servlets handle requests.
Technical Details
The path traversal can be leveraged as a result of the following conditions:
- The servlet mappings and security constraints laid out in each application's web.xml …