Sunday, 1 March 2015

[Penetration Test] WildFly 8 (JBossAS) Application Directory Traversal Vulnerability - CVE-2014-7816



WildFly[1], formerly known as JBoss AS, or simply JBoss, is an application server authored by JBoss, now developed by Red Hat. WildFly is written in Java, and implements the Java Platform, Enterprise Edition (Java EE) specification. It runs on multiple platforms.

WildFly is free and open-source software, subject to the requirements of the GNU Lesser General Public License (LGPL), version 2.1.

A directory traversal[2] vulnerability in WildFly 8.1.0.Final allows remote attackers to read arbitrary files via ".." (dot dot) sequences in the request URI, for example to retrieve standalone/configuration/standalone.xml or any other configuration file under the installation directory.
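The general mechanism behind this class of bug, as an added example (it is not code from the advisory, from the page, or from WildFly/Undertow): a static-file handler that maps the request path onto a filesystem root and only normalizes afterwards lets ".." segments walk out of the web root, while a handler that decodes, normalizes and then checks containment does not. The install layout (`/opt/wildfly` with a `welcome-content` web root) and all request URIs are constructed for the example; it goes slightly beyond the page by also covering URL-encoded, double-encoded and backslash variants.

```python
"""Path-traversal check for a static-file handler (added example).

Models the mechanism described for CVE-2014-7816 in general form; the root
layout and request URIs below are hypothetical and not taken from the advisory.
"""
import posixpath
from typing import List, Optional, Tuple
from urllib.parse import unquote

# Hypothetical layout (assumption for the example): the static web root is
# <install>/welcome-content and the configuration file sits outside it.
INSTALL = "/opt/wildfly"
WEB_ROOT = posixpath.join(INSTALL, "welcome-content")


def resolve_naive(uri_path: str) -> str:
    """Vulnerable mapping: join root and URI path, then normalize.

    Because normalization happens after the join, '..' segments pop
    'welcome-content' off the path and reach files beside the web root.
    This is an illustration of the weakness, not Undertow's actual code.
    """
    return posixpath.normpath(WEB_ROOT + "/" + unquote(uri_path))


def resolve_safe(uri_path: str) -> Optional[str]:
    """Hardened mapping: decode, normalize the relative part, then enforce
    containment. Returns the absolute path, or None if the request escapes
    WEB_ROOT."""
    # Decode twice so %252e%252e (double-encoded '..') is seen as '..' too;
    # an upstream component may have decoded once already.
    decoded = unquote(unquote(uri_path))
    # Treat backslashes as separators so '..\' cannot bypass a '/'-based check
    # on hosts whose filesystem accepts them.
    decoded = decoded.replace("\\", "/")
    # Strip the leading '/' so normpath works on a relative path: any '..'
    # that survives normalization can only appear at the front.
    rel = posixpath.normpath(decoded.lstrip("/"))
    if rel == ".":
        rel = ""
    if rel == ".." or rel.startswith("../"):
        return None  # escaped the root during normalization
    candidate = posixpath.normpath(posixpath.join(WEB_ROOT, rel))
    # Defence in depth: the result must be WEB_ROOT itself or a descendant.
    # Comparing against WEB_ROOT + "/" avoids a plain-prefix false positive
    # such as '/opt/wildfly/welcome-content-old'.
    if candidate != WEB_ROOT and not candidate.startswith(WEB_ROOT + "/"):
        return None
    return candidate


# Constructed request paths: one legitimate, the rest traversal attempts.
CONSTRUCTED_REQUESTS = [
    "/index.html",
    "/../standalone/configuration/standalone.xml",
    "/..%2f..%2f..%2fetc/passwd",
    "/%252e%252e/standalone/configuration/standalone.xml",
    "/..\\standalone\\configuration\\standalone.xml",
]


def audit(requests: List[str]) -> List[Tuple[str, str, Optional[str]]]:
    """Resolve each request with both handlers and return the triples."""
    return [(u, resolve_naive(u), resolve_safe(u)) for u in requests]


if __name__ == "__main__":
    for uri, naive, safe in audit(CONSTRUCTED_REQUESTS):
        print(f"{uri}\n  naive -> {naive}\n  safe  -> {safe}")
```

Running the block shows the naive handler turning `/../standalone/configuration/standalone.xml` into `/opt/wildfly/standalone/configuration/standalone.xml`, the file the advisory names, while the hardened handler rejects it and every encoded variant and still serves `/index.html` normally. The double-encoded request is instructive: the naive handler does not traverse on it (it only decodes once, so it would look for a literal `%2e%2e` directory), but the hardened handler rejects it anyway rather than relying on that accident.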

The vendor has provided patches that fix the flaw. Our advisory with more detailed information can be found on our website[3]; the entry is also listed on the CVE MITRE website[4].

[1] http://wildfly.org/
[2] https://www.owasp.org/index.php/Testing_Directory_traversal/file_include_(OTG-AUTHZ-001)
[3] https://www.conviso.com.br/advisories/CVE-2014-7816.txt
[4] http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-7816

Previously posted at http://blog.conviso.com.br/2014/12/wildfly-8-jbossas-application-directory.html by the same author.

[Penetration Test] HP Operations Manager Perfd Environment Scanner


During an intrusion test conducted recently, I found a daemon called perfd listening on port 5227. According to IANA[1], the daemon is the "HP System Performance Metric Service"[2].

[Code Review] RIPS Scanner v-0.54 - Local File Include (LFI)

Hi there, 

For those using the RIPS scanner [1] to help with the analysis of vulnerabilities in PHP code: take care not to leave it running on your network or exposed to the internet, where anyone can access it.

In a very brief static code analysis of RIPS we found two "Local File Include" (LFI) vulnerabilities, listed below:

[Penetration Test] From Deploy WAR (Tomcat) to Shell (FreeBSD)


The purpose of this post is to demonstrate how insecure deployment of services on the network can make it easy to compromise your company's entire infrastructure. In this case the demonstration uses a default installation of Apache Tomcat [1] on a server running the FreeBSD operating system [2], with no configuration adjustments or post-installation hardening.
