File upload not validating extension
We have recently purchased/installed DevTest 10.6 and our security team has shared the below findings:
Many applications use file upload features to load data and allow it to be edited. However, only the file types the application actually needs should be accepted, and that set should be decided by looking at the application's requirements. Otherwise an attacker can upload a file of another type and use it for defacement or command execution, or to carry out attacks such as traversing system files or exploiting local vulnerabilities.
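As an illustration of the allow-list check the finding calls for, here is a server-side upload validator. It is an added example, not code from DevTest or from the DE505984 patch (the page does not describe how the fix validates uploads). The allow-list, the magic-byte table and the names validate_upload and is_accepted are assumptions made for the example.

```python
import os
import re

# Constructed allow-list for this example; the page does not give DevTest's
# own list, so substitute the types your application genuinely needs.
ALLOWED_EXTENSIONS = frozenset({"csv", "xml", "png", "zip"})

# Leading-byte signatures for types where a cheap content check exists
# (constructed table; extend it for the formats you accept).
MAGIC_BYTES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "zip": (b"PK\x03\x04", b"PK\x05\x06"),
    "xml": (b"<?xml", b"\xef\xbb\xbf<?xml"),
}

# One conservative shape for a stored name: no separators, no leading dot,
# bounded length. Anything else is rejected rather than "cleaned".
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")


class UploadRejected(ValueError):
    """Raised with a reason the server can log (and need not echo to the client)."""


def validate_upload(filename: str, content: bytes,
                    allowed=ALLOWED_EXTENSIONS) -> str:
    """Return the sanitised filename if the upload is acceptable, else raise.

    Checks, in order: no NUL bytes, no directory component, only an
    allow-listed extension, and leading bytes that agree with that
    extension where a signature is known.
    """
    # A NUL can truncate the name in lower layers ("x.png\0.jsp" becomes "x.png").
    if "\x00" in filename:
        raise UploadRejected("NUL byte in filename")

    # Never trust the client's path: keep only the final component, treating
    # both separators as separators so "..\\..\\web\\x.jsp" does not survive.
    name = os.path.basename(filename.replace("\\", "/"))
    if not SAFE_NAME.match(name):
        raise UploadRejected(f"unsafe filename: {filename!r}")

    # The extension is the text after the LAST dot, compared case-insensitively
    # against an allow-list. A deny-list ("anything but .jsp") is the classic mistake.
    root, dot, ext = name.rpartition(".")
    if not dot or not root or not ext:
        raise UploadRejected("filename must have an extension")
    ext = ext.lower()
    if ext not in allowed:
        raise UploadRejected(f"extension not allowed: .{ext}")

    # "shell.jsp.png" passes the extension check; its bytes must still be a PNG.
    signatures = MAGIC_BYTES.get(ext)
    if signatures and not any(content.startswith(s) for s in signatures):
        raise UploadRejected(f"content does not look like .{ext}")

    return name


def is_accepted(filename: str, content: bytes) -> bool:
    """Boolean wrapper for a quick allow/deny decision."""
    try:
        validate_upload(filename, content)
        return True
    except UploadRejected:
        return False


if __name__ == "__main__":
    # Constructed sample uploads: (client-supplied name, first bytes of body)
    samples = [
        ("report.CSV", b"id,name\n1,alice\n"),
        ("logo.png", b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"),
        ("../../webapps/ROOT/cmd.jsp", b"<% Runtime.getRuntime().exec(request.getParameter(\"c\")); %>"),
        ("cmd.jsp.png", b"<% Runtime.getRuntime().exec(request.getParameter(\"c\")); %>"),
        ("cmd.png\x00.jsp", b"\x89PNG\r\n\x1a\n"),
        ("..\\..\\conf\\x.xml", b"<?xml version=\"1.0\"?>"),
    ]
    for fname, body in samples:
        verdict = "accept" if is_accepted(fname, body) else "reject"
        print(f"{fname!r:45} -> {verdict}")
```

The check runs on the server and ignores the client-supplied Content-Type, which is attacker-controlled. Even with it in place, store accepted files under a server-generated name outside the web root and serve them with a fixed Content-Disposition, so that an accepted file is never executed as a page by the container.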
Release : 10.6
Component : CA Service Virtualization
This is resolved with the following patch: phoenix-10.6.0-DE505984.war
If you need a copy of the patch, please open a support case and let Support know you are referencing the fix in DE505984.
Note: This fix will be included in DevTest 10.7.
How to apply the patch
The steps need to be followed on PORTAL server
1. Stop PORTAL service
2. Place the patch file "phoenix-10.6.0-DE505984.war" in the LISA_HOME\webserver\patches folder
3. Edit the file LISA_HOME/logging.properties
4. Add the following line
log4j.logger.com.ca.sv.ui.
5. Start the PORTAL service
6. Repeat the security test and verify that the fix addresses the reported finding