I'm tasked to close some security holes in our web-based application (powered by Java servlets). Using an in-house tool that allows us to submit "raw" HTTP requests (like you can with Telnet), we've discovered that, while POST requests forbid access, GET requests honor a request with a relative pathname like so:
http://myhost.com:8080/ServletName/..\WEB-INF\web.xml
From what I've read, access to the WEB-INF directory is restricted, but as I've said, when I do a GET on WildFly 10 (standalone) with a "raw" HTTP request tool, the request is honored.
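One defensive measure for the behaviour described in this question is a servlet filter that inspects the raw request URI before any servlet sees it, normalises backslashes and percent-encoding, and refuses anything that contains a parent-directory step or names the `WEB-INF` or `META-INF` directories. The filter below is an added example for this post, not code from the poster's application or from WildFly; the class name `PathTraversalGuardFilter` and the `/*` mapping are assumptions, and it targets the `javax.servlet` API that WildFly 10 ships.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.Locale;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter name; mapped to every URL of the application so it runs before any servlet.
@WebFilter(urlPatterns = "/*")
public class PathTraversalGuardFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws java.io.IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;

        // getRequestURI() returns the path as sent on the wire (still percent-encoded),
        // so a backslash or "%5c" in the path reaches this check unchanged.
        if (isSuspicious(request.getRequestURI())) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(req, resp);
    }

    /**
     * Returns true when the raw request path could step out of the servlet's directory
     * or reach WEB-INF / META-INF, regardless of the separator or encoding used.
     */
    static boolean isSuspicious(String rawUri) {
        if (rawUri == null) {
            return false;
        }
        String decoded = rawUri;
        // Decode twice so that a double-encoded sequence such as "%255c" is caught as well.
        for (int i = 0; i < 2; i++) {
            try {
                decoded = URLDecoder.decode(decoded, "UTF-8");
            } catch (UnsupportedEncodingException | IllegalArgumentException e) {
                return true; // malformed percent-encoding is rejected rather than guessed at
            }
        }
        // Treat backslash as a path separator, then compare case-insensitively
        // ("web-inf" and "WEB-INF" must both be refused).
        String normalized = decoded.replace('\\', '/').toLowerCase(Locale.ROOT);
        return normalized.contains("/../")
            || normalized.endsWith("/..")
            || normalized.contains("/web-inf")
            || normalized.contains("/meta-inf")
            || normalized.indexOf('\0') >= 0;
    }

    @Override
    public void destroy() { }
}
```

Applied to the request path in the question, `/ServletName/..\WEB-INF\web.xml` normalises to `/servletname/../web-inf/web.xml`, which matches both the `/../` and the `/web-inf` rule and is answered with 403 before the servlet runs. The filter is defence in depth only: the servlet code that turns the request path into a file still needs to resolve the target with `File.getCanonicalPath()` and verify that the result lies under the intended base directory, since the filter cannot know which part of the path the servlet will actually use.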