Vulnerability-Lookup

CNVD-2018-07461

Vulnerability from cnvd - Published: 2018-04-11

Title

Pivotal Grails Resources插件路径遍历漏洞

Description

Pivotal Grails是美国Pivotal Software公司的一套基于Groovy编程语言且用于快速开发Web应用的开源框架。Resource Plugin是其中的一个HTML资源管理插件。 Pivotal Grails Resources插件1.2.0版本至1.2.12版本中存在目录遍历漏洞，攻击者可利用漏洞获得敏感信息。

Severity

中

Patch Name

Pivotal Grails Resources插件路径遍历漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://pivotal.io/security/cve-2014-3626

Reference

https://pivotal.io/security/cve-2014-3626

Impacted products

Name
Pivotal Grails Resources >=1.2.0，<=1.2.12

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2014-3626",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3626"
    }
  },
  "description": "Pivotal Grails\u662f\u7f8e\u56fdPivotal Software\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8eGroovy\u7f16\u7a0b\u8bed\u8a00\u4e14\u7528\u4e8e\u5feb\u901f\u5f00\u53d1Web\u5e94\u7528\u7684\u5f00\u6e90\u6846\u67b6\u3002Resource Plugin\u662f\u5176\u4e2d\u7684\u4e00\u4e2aHTML\u8d44\u6e90\u7ba1\u7406\u63d2\u4ef6\u3002\r\n\r\nPivotal Grails Resources\u63d2\u4ef61.2.0\u7248\u672c\u81f31.2.12\u7248\u672c\u4e2d\u5b58\u5728\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u5f97\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "unknown",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://pivotal.io/security/cve-2014-3626",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-07461",
  "openTime": "2018-04-11",
  "patchDescription": "Pivotal Grails\u662f\u7f8e\u56fdPivotal Software\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8eGroovy\u7f16\u7a0b\u8bed\u8a00\u4e14\u7528\u4e8e\u5feb\u901f\u5f00\u53d1Web\u5e94\u7528\u7684\u5f00\u6e90\u6846\u67b6\u3002Resource Plugin\u662f\u5176\u4e2d\u7684\u4e00\u4e2aHTML\u8d44\u6e90\u7ba1\u7406\u63d2\u4ef6\u3002\r\n\r\nPivotal Grails Resources\u63d2\u4ef61.2.0\u7248\u672c\u81f31.2.12\u7248\u672c\u4e2d\u5b58\u5728\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u5f97\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Pivotal Grails Resources\u63d2\u4ef6\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Pivotal Grails Resources \u003e=1.2.0\uff0c\u003c=1.2.12"
  },
  "referenceLink": "https://pivotal.io/security/cve-2014-3626",
  "serverity": "\u4e2d",
  "submitTime": "2018-03-21",
  "title": "Pivotal Grails Resources\u63d2\u4ef6\u8def\u5f84\u904d\u5386\u6f0f\u6d1e"
}

CVE-2014-3626 (GCVE-0-2014-3626)

Vulnerability from cvelistv5 – Published: 2018-03-19 13:00 – Updated: 2024-09-17 03:59

Summary

The Grails Resource Plugin often has to exchange URIs for resources with other internal components. Those other components will decode any URI passed to them. To protect against directory traversal the Grails Resource Plugin did the following: normalized the URI, checked the normalized URI did not step outside the appropriate root directory (e.g. the web application root), decoded the URI and checked that this did not introduce additional /../ (and similar) sequences. A bug was introduced where the Grails Resource Plugin before 1.2.13 returned the decoded version of the URI rather than the normalized version of the URI after the directory traversal check. This exposed a double decoding vulnerability. To address this issue, the Grails Resource Plugin now repeatedly decodes the URI up to three times or until decoding no longer changes the URI. If the decode limit of 3 is exceeded the URI is rejected. A side-effect of this is that the Grails Resource Plugin is unable to serve a resource that includes a '%' character in the full path to the resource. Not all environments are vulnerable because of the differences in URL resolving in different servlet containers. Applications deployed to Tomcat 8 and Jetty 9 were found not not be vulnerable, however applications deployed to JBoss EAP 6.3 / JBoss AS 7.4 and JBoss AS 7.1 were found to be vulnerable (other JBoss versions weren't tested). In certain cases JBoss returns JBoss specific vfs protocol urls from URL resolution methods (ClassLoader.getResources). The JBoss vfs URL protocol supports resolving any file on the filesystem. This made the directory traversal possible. There may be other containers, in addition to JBoss, on which this vulnerability is exposed.

Severity ?

No CVSS data available.

CWE

Directory Traversal

Assigner

dell

References

URL

Tags

https://pivotal.io/security/cve-2014-3626

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Dell EMC	Grails by Pivotal	Affected: Resources plugin versions 1.2.0 - 1.2.12. Earlier versions may also be affected but were not assessed

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:50:18.231Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2014-3626"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Grails by Pivotal",
          "vendor": "Dell EMC",
          "versions": [
            {
              "status": "affected",
              "version": "Resources plugin versions 1.2.0 - 1.2.12. Earlier versions may also be affected but were not assessed"
            }
          ]
        }
      ],
      "datePublic": "2017-05-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Grails Resource Plugin often has to exchange URIs for resources with other internal components. Those other components will decode any URI passed to them. To protect against directory traversal the Grails Resource Plugin did the following: normalized the URI, checked the normalized URI did not step outside the appropriate root directory (e.g. the web application root), decoded the URI and checked that this did not introduce additional /../ (and similar) sequences. A bug was introduced where the Grails Resource Plugin before 1.2.13 returned the decoded version of the URI rather than the normalized version of the URI after the directory traversal check. This exposed a double decoding vulnerability. To address this issue, the Grails Resource Plugin now repeatedly decodes the URI up to three times or until decoding no longer changes the URI. If the decode limit of 3 is exceeded the URI is rejected. A side-effect of this is that the Grails Resource Plugin is unable to serve a resource that includes a \u0027%\u0027 character in the full path to the resource. Not all environments are vulnerable because of the differences in URL resolving in different servlet containers. Applications deployed to Tomcat 8 and Jetty 9 were found not not be vulnerable, however applications deployed to JBoss EAP 6.3 / JBoss AS 7.4 and JBoss AS 7.1 were found to be vulnerable (other JBoss versions weren\u0027t tested). In certain cases JBoss returns JBoss specific vfs protocol urls from URL resolution methods (ClassLoader.getResources). The JBoss vfs URL protocol supports resolving any file on the filesystem. This made the directory traversal possible. There may be other containers, in addition to JBoss, on which this vulnerability is exposed."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Directory Traversal",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-19T12:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2014-3626"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "DATE_PUBLIC": "2017-05-25T00:00:00",
          "ID": "CVE-2014-3626",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Grails by Pivotal",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Resources plugin versions 1.2.0 - 1.2.12. Earlier versions may also be affected but were not assessed"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Dell EMC"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Grails Resource Plugin often has to exchange URIs for resources with other internal components. Those other components will decode any URI passed to them. To protect against directory traversal the Grails Resource Plugin did the following: normalized the URI, checked the normalized URI did not step outside the appropriate root directory (e.g. the web application root), decoded the URI and checked that this did not introduce additional /../ (and similar) sequences. A bug was introduced where the Grails Resource Plugin before 1.2.13 returned the decoded version of the URI rather than the normalized version of the URI after the directory traversal check. This exposed a double decoding vulnerability. To address this issue, the Grails Resource Plugin now repeatedly decodes the URI up to three times or until decoding no longer changes the URI. If the decode limit of 3 is exceeded the URI is rejected. A side-effect of this is that the Grails Resource Plugin is unable to serve a resource that includes a \u0027%\u0027 character in the full path to the resource. Not all environments are vulnerable because of the differences in URL resolving in different servlet containers. Applications deployed to Tomcat 8 and Jetty 9 were found not not be vulnerable, however applications deployed to JBoss EAP 6.3 / JBoss AS 7.4 and JBoss AS 7.1 were found to be vulnerable (other JBoss versions weren\u0027t tested). In certain cases JBoss returns JBoss specific vfs protocol urls from URL resolution methods (ClassLoader.getResources). The JBoss vfs URL protocol supports resolving any file on the filesystem. This made the directory traversal possible. There may be other containers, in addition to JBoss, on which this vulnerability is exposed."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Directory Traversal"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://pivotal.io/security/cve-2014-3626",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2014-3626"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2014-3626",
    "datePublished": "2018-03-19T13:00:00Z",
    "dateReserved": "2014-05-14T00:00:00",
    "dateUpdated": "2024-09-17T03:59:34.272Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-07461

CVE-2014-3626 (GCVE-0-2014-3626)

Tags

Sightings

Nomenclature