Endevor web services: USS path for security token exposed
search cancel

Endevor web services: USS path for security token exposed


Article ID: 262542


Updated On:




When browsing to https://host:port/EndevorService/config users were asked to provide a security token, and given the file system location of the security token that was required. The path contained the environment variable $TOMCAT_WEBAPPS_DIR.

However, if a user entered an incorrect security token, the environment variable was expanded and indicated the full path for the location of the security token on the underlying system. During the assessment, the $TOMCAT_WEBAPPS_DIR environment variable was therefore inferred as /DET1/cai/CADeploy/ESCM/tpv/tomcat/webapps/.

While this issue was unlikely to directly result in compromise of the service, it could provide valuable information to an attacker able to identify a path traversal or injection issue, or could support an attacker in developing or performing further targeted attacks.  



Release : 18.1


Apply Endevor PTF LU09458. 

This PTF fixed multiple web services issues including - On the main web services web page at /EndevorService, do not allow any displayed messages to contain full file paths to files inside the web server folder. This is a precaution to prevent a potential attacker from gaining information about the folder structure the server is a part of.