Vulnerability - dot-dot-slash


Article ID: 200429


CA API Gateway, API SECURITY, CA API Gateway Precision API Monitoring Module for API Gateway (Layer 7), CA API Gateway Enterprise Service Manager (Layer 7), STARTER PACK-7, CA Microgateway


When an API is published with a wildcard URI, for example /test/qrcode/*, the gateway accepts request paths containing dot-dot-slash (../) sequences and forwards them unchanged to the API's back-end location. If the back-end server resolves those sequences, the caller can reach resources outside the intended API path.


Release : 10.0

Component : API GATEWAY


The use case involves a wildcard service.

So if you publish an API with the URI /dotdotslash*, then you can send requests to:


A quick test confirms it: yes, it is possible to send requests whose URI contains ../ to a wildcard service, and the gateway routes them.
It is also possible to prevent that via policy, for example with a regex assertion that checks request.url for the sequence ../. Note that a check for the literal string ../ does not cover URL-encoded forms such as %2e%2e/ or ..%2f, double-encoded forms such as %252e%252e/, or backslash variants; either apply the check to the decoded URL or include those variants in the pattern.

See the example policy attached: dotdotslash-policy.xml

Using a wildcard is fine if you have common business logic that must run regardless of whether the request goes to /b or /c. But you have some options to make it more secure:
- you can add checks that make sure you only route to specific URLs (an allow list; this is the stronger option, because anything not explicitly permitted is refused)
- you can add checks that block certain URL patterns (a deny list, such as the ../ regex described above)
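To make the difference between the two options concrete, here is an added example written in Python rather than gateway policy XML; it is not part of the original article and is not the gateway's own policy logic. It applies the deny-list check for ../ to a request path twice, first as a literal-string search on the raw URL (the weak form) and then on a normalised path that has been percent-decoded and had backslashes folded to slashes, and it implements the allow-list option by resolving the dot segments and confirming the result still lies under the published wildcard prefix. The prefix /dotdotslash, the function names and the sample request paths are constructed for the illustration.

```python
import re
from urllib.parse import unquote

# Matches a bare ".." path segment: start-or-slash, "..", end-or-slash.
# Intended to run against the normalised path, not the raw URL.
TRAVERSAL_RE = re.compile(r"(^|/)\.\.($|/)")


def naive_literal_check(url: str) -> bool:
    """Deny-list check as a literal search for '../' on the raw URL.
    Weakest form: misses %2e%2e/, ..%2f, ..\\ and double encoding."""
    return "../" in url


def normalize_path(url: str) -> str:
    """Strip the query string, percent-decode up to twice (so a
    double-encoded %252e is also caught; this errs on the side of
    rejecting), and fold backslashes to forward slashes."""
    path = url.split("?", 1)[0]
    for _ in range(2):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def traversal_in_path(url: str) -> bool:
    """Deny-list check on the normalised path."""
    return TRAVERSAL_RE.search(normalize_path(url)) is not None


def resolve_under_prefix(prefix: str, url: str):
    """Allow-list check: resolve '.' and '..' segments and return the
    resolved path only if it is still below the wildcard prefix.
    Returns None when the request would escape the prefix."""
    segments = []
    for seg in normalize_path(url).split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not segments:
                return None  # tried to climb above the root
            segments.pop()
            continue
        segments.append(seg)
    resolved = "/" + "/".join(segments)
    base = prefix.rstrip("/")
    if resolved == base or resolved.startswith(base + "/"):
        return resolved
    return None


# Constructed sample requests against a service published as /dotdotslash*
SAMPLE_REQUESTS = [
    "/dotdotslash/qrcode/123",
    "/dotdotslash/../etc/passwd",
    "/dotdotslash/..%2f..%2fetc/passwd",
    "/dotdotslash/%2e%2e/secret",
    "/dotdotslash/%252e%252e/secret",
    "/dotdotslash/..\\secret",
    "/dotdotslash/../dotdotslash/qrcode/1",
]


def evaluate(prefix: str, url: str) -> dict:
    """Run all three checks on one request path."""
    return {
        "url": url,
        "literal_check_blocks": naive_literal_check(url),
        "normalised_check_blocks": traversal_in_path(url),
        "allow_list_routes_to": resolve_under_prefix(prefix, url),
    }


if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        r = evaluate("/dotdotslash", req)
        print(f"{r['url']:42} literal={r['literal_check_blocks']!s:5} "
              f"normalised={r['normalised_check_blocks']!s:5} "
              f"route={r['allow_list_routes_to']}")
```

Running it shows the literal check passing every encoded or backslash variant that the normalised check rejects. The last sample (/dotdotslash/../dotdotslash/qrcode/1) also shows the two options disagreeing: the deny list rejects it because a ../ is present, while the allow list accepts it because the resolved destination is still under /dotdotslash. Whichever you pick in policy, the allow list is the one that makes the routing decision explicit.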


