Change #1637

SR : 1-27106301 : Broadvision security vulnerability (KFH Pentest)

Added by Lim Pek Keng about 12 years ago. Updated almost 10 years ago.

Status:Closed - End of life cycleStart date:August 23, 2012
Priority:NormalDue date:August 30, 2012
Assignee:Nor Shuhaida Subri% Done:

0%

Category:-Spent time:-
Target version:-

Description

Issue 1: can reproduce
BVNqa68083: Directory traversal for the following URLs: pageFlowContainer.do?_process_content=../../WEB-INF/web.xml.

Issue 2:
jspScriptPicker.do Proxy tempering
Attacker can point to /home/oracle/.ssh/ and copy the ssh private key to login into the server
Question: Do we know how to reproduce this issue? When Editing a Channel Display template, I can bring up the JSp script picker. That lets me select any JSP file in bvmc.war. How do they point to /home/oracle/.ssh

Hotpatch_installer_instructions_1_.pdf (113 KB) Lim Pek Keng, August 29, 2012 14:09

About_the_installer_1_.pdf (36.3 KB) Lim Pek Keng, August 29, 2012 14:09

History

#1 Updated by Lim Pek Keng about 12 years ago

The hotpatches have been provided to Penril by BVMC developer.
Shuhaida needs to perform the followings :
1. Backup BVMC
2. install the hotpathes
3. perform testing to verify the fixes as required by customer

#2 Updated by Nor Shuhaida Subri about 12 years ago

Completed install and test hotpatches in development, staging and site office (for clustering environment). Now preparing the documentation on how to implement the hotpatches into the production server.

#3 Updated by Nor Shuhaida Subri about 11 years ago

Implement on 24/7/2013 but failed.
Send log to BV Support.

BV Support reply with this question

Hi Shuhaida,

As per the log files provided it looks like the hotpatch BVNqa48299 was applied more than one time. Can you please tell us the following:

1) Why the patch was applied 2 times ?

2) What is the configuration of your production system (standalone, cluster) ?

3) If cluster how many server and instances of JBoss ?

4) If cluster what commands were used to install the patch ?

5) Can you please provide the bv logs from the failed startup (when the patch was installed)

6) Can you please provide the following files:

a) $BV1TO1/patch/patchesApplied.txt

b) $BV1TO1/silent.properties

c) $BV1TO1_VAR/appConfig/bv_framework/etc/argumentValues.properties

d) $BV1TO1_VAR/appConfig/bv_framework/etc/bv.properties

7) Are there any changes made in DB parameters after initial production installation ?

#4 Updated by Nor Shuhaida Subri about 11 years ago

Hi Ateh,

Need KFH IT to provide following file:-

a) $BV1TO1/patch/patchesApplied.txt

b) $BV1TO1/silent.properties

c) $BV1TO1/appConfig/bv_framework/etc/argumentValues.properties

d) $BV1TO1/appConfig/bv_framework/etc/bv.properties

and also need u to answer the question (7)

7) Are there any changes made in DB parameters after initial production installation ?

#5 Updated by Tan Lee Yong almost 10 years ago

  • Status changed from Development / Work In Progress to Closed - End of life cycle

Closed since it is too old without update

Also available in: Atom PDF