
Issue 624755


Issue metadata

Status: Duplicate
Merged: issue 600451
Owner:
Closed: Jun 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security

Blocked on:
issue 600451




Security: Directory Listing and Using Components With Known Vulnerabilities

Reported by shwetaja...@gmail.com, Jun 30 2016

Issue description

1.
VULNERABILITY NAME
Directory Listing.

VULNERABILITY DETAILS
Many web applications use and manage files as part of their daily operation. Using input validation methods that have not been well designed or deployed, an aggressor could exploit the system in order to read or write files that are not intended to be accessible. In particular situations, it could be possible to execute arbitrary code or system commands. 

Traditionally, web servers and web applications implement authentication mechanisms to control access to files and resources. Web servers try to confine users' files inside a "root directory" or "web document root", which represents a physical directory on the file system. Users have to consider this directory as the base directory into the hierarchical structure of the web application.

Many web applications use server-side scripts to include different kinds of files. It is quite common to use this method to manage images, templates, load static texts, and so on. Unfortunately, these applications expose security vulnerabilities if input parameters (i.e., form parameters, cookie values) are not correctly validated.

In web servers and web applications, this kind of problem arises in path traversal/file include attacks. By exploiting this kind of vulnerability, an attacker is able to read directories or files which they normally couldn't read, access data outside the web document root, or include scripts and other kinds of files from external websites.

REPRODUCTION CASE
1. Go to https://src.chromium.org/viewvc/
2. Click on Chrome folder

2.
VULNERABILITY NAME
Using Components With Known Vulnerabilities.

VULNERABILITY DETAILS
Components, such as libraries, frameworks, and other software modules, almost always run with full privileges. If a vulnerable component is exploited, such an attack can facilitate serious data loss or server takeover. Applications using components with known vulnerabilities may undermine application defenses and enable a range of possible attacks and impacts.

REPRODUCTION CASE
1. Go to https://src.chromium.org/viewvc/
 
Directory Listing.png (117 KB)
Using Components With Known Vulnerabilities.png (31.2 KB)

Comment 1 by palmer@chromium.org, Jun 30 2016

Cc: stip@chromium.org
Components: Infra>Security Infra
Owner: aga...@chromium.org
Status: Assigned (was: Unconfirmed)
I don't see a bug in the directory listing. That's intended functionality.

Infra: We probably should upgrade our ViewVC installation to latest stable.

Comment 2 by aga...@chromium.org, Jun 30 2016

Blockedon: 600451
Nah, we're just getting rid of viewvc entirely when we turn off SVN: https://bugs.chromium.org/p/chromium/issues/detail?id=600451

We are very close to done getting rid of the last writable SVN repos, and all the contents of SVN that we care about have been moved to Git. In early/mid Q3, svn.chromium.org will cease to exist, src.chromium.org will point to chromium.googlesource.com, and viewvc will no longer be running on any of our servers.

Comment 3 by palmer@chromium.org, Jun 30 2016

Mergedinto: 600451
Status: Duplicate (was: Assigned)
Sounds good! Thanks agable. I'm just going to make this bug a dup of that one then.

Comment 4 by sheriffbot@chromium.org, Oct 21 2016

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
