Help
Technical Articles
F5 SMEs share good practice.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Directory Traversal with Spring MVC on Windows (CVE-2018-1271)

Gal_Goldshtein
F5 Employee
F5 Employee

on ‎15-Apr-2018 06:48

Recently a directory traversal vulnerability in the Spring Framework was published (CVE-2018-1271). The Spring application will only be vulnerable when it is deployed on a Microsoft Windows based operating system and the application developer uses the “file://” scheme as the path of the static resources.

0151T000003d7BSQAY.png

Figure 1: Example of a vulnerable resource path configuration

The answer for why only applications deployed on servers based on Microsoft Windows operating systems are vulnerable can be found in the Github commit that fixes the vulnerability. We can see that the “isInvalidEncodedPath” function covered only the case of “../” directory traversal attempts, while Windows operating systems supports paths that contains backslashes, and thus “..\” will also lead to directory traversal.

0151T000003d7BTQAY.png

Figure 2: Spring Framework’s Github commit fixing the vulnerability

Mitigating the vulnerability with BIG-IP ASM

BIG-IP ASM customers under any supported BIG-IP version are already protected against this vulnerability. The exploitation attempt will be detected by existing evasion techniques in URL, "Directory Traversal” and “IIS Backslashes”.

0151T000003d7BUQAY.png

Figure 3: Exploitation attempt blocked by “Directory Traversals” evasion technique.

0151T000003d7BVQAY.png

Figure 4: Exploitation attempt blocked by “IIS backslashes” evasion technique.

Labels:
0 Kudos
Version history
Last update:
‎15-Apr-2018 06:48
Updated by:
F5 Employee
Contributors
Copyright © 2023 Khoros, LLC