Moderate severity · NVD Advisory · Published Mar 12, 2008 · Updated Apr 23, 2026

CVE-2008-1301

CVE-2008-1301

Description

Absolute path traversal vulnerability in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote authenticated administrators to read arbitrary files via a full pathname in the filePath.0 parameter.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
org.opencms:opencms-core (Maven)
>= 7.0.3, < 7.0.5 | 7.0.5

Affected products

  • Alkacon/Opencms — 2 versions
    cpe:2.3:a:alkacon:opencms:7.0.3:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:alkacon:opencms:7.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:alkacon:opencms:7.0.4:*:*:*:*:*:*:*

Patches

7b73b5559c1b

Fixed security issue 28152 reported by Security Focus

https://github.com/alkacon/opencms-core · cWeinholz · Mar 17, 2008 · via ghsa
5 files changed · +113 −13
  • history.txt+3 2 modified
    @@ -1,7 +1,7 @@
     /*
      * File   : $Source: /alkacon/cvs/opencms/history.txt,v $
    - * Date   : $Date: 2008/03/14 14:29:56 $
    - * Version: $Revision: 1.990 $
    + * Date   : $Date: 2008/03/17 08:55:32 $
    + * Version: $Revision: 1.991 $
      *
      * This file is part of OpenCms -
      * the Open Source Content Management System
    @@ -20,6 +20,7 @@ Legend:
     - General comment
     
     OpenCms 7.0.5 - xxx, 2008
    +* Fixed security issue 28152 reported by Security Focus
     - Many improvements on Template Two and the demo
     * Fixed issue with NPE in MacroResolver
     * Changed decoration to plug in an extended decoration module
    
  • src/org/opencms/configuration/CmsWorkplaceConfiguration.java+11 3 modified
    @@ -1,7 +1,7 @@
     /*
      * File   : $Source: /alkacon/cvs/opencms/src/org/opencms/configuration/CmsWorkplaceConfiguration.java,v $
    - * Date   : $Date: 2008/02/27 12:05:47 $
    - * Version: $Revision: 1.49 $
    + * Date   : $Date: 2008/03/17 08:55:33 $
    + * Version: $Revision: 1.50 $
      *
      * This library is part of OpenCms -
      * the Open Source Content Management System
    @@ -71,7 +71,7 @@
      * 
      * @author Alexander Kandzior 
      * 
    - * @version $Revision: 1.49 $
    + * @version $Revision: 1.50 $
      * 
      * @since 6.0.0
      */
    @@ -377,6 +377,9 @@ public class CmsWorkplaceConfiguration extends A_CmsXmlConfiguration implements
         /** The node name of the root node. */
         public static final String N_ROOT = "root";
     
    +    /** The subname of the rfsfilesettings/rootPath node. */
    +    public static final String N_ROOTPATH = "rootPath";
    +    
         /** The node name of the roots node. */
         public static final String N_ROOTS = "roots";
     
    @@ -841,6 +844,7 @@ public void addXmlDigesterRules(Digester digester) {
             // add fileViewSettings rules
             String xPathPrefix = "*/" + N_RFSFILEVIEWESETTINGS;
             digester.addObjectCreate(xPathPrefix, CmsRfsFileViewer.class);
    +        digester.addBeanPropertySetter(xPathPrefix + "/" + N_ROOTPATH); 
             digester.addBeanPropertySetter(xPathPrefix + "/" + N_FILEPATH);
             digester.addBeanPropertySetter(xPathPrefix + "/" + N_ENABLED);
             digester.addBeanPropertySetter(xPathPrefix + "/" + N_FILEENCODING);
    @@ -981,6 +985,10 @@ public Element generateXml(Element parent) {
             // add <rfsfileviewsettings> node
             CmsRfsFileViewer viewSettings = m_workplaceManager.getFileViewSettings();
             Element fileViewElement = workplaceElement.addElement(N_RFSFILEVIEWESETTINGS);
    +        String rootPath = viewSettings.getRootPath();
    +        if (rootPath != null) {
    +            fileViewElement.addElement(N_ROOTPATH).setText(rootPath);
    +        }
             String filePath = viewSettings.getFilePath();
             if (filePath != null) {
                 fileViewElement.addElement(N_FILEPATH).setText(filePath);
    
  • src/org/opencms/configuration/opencms-workplace.dtd+8 0 modified
    @@ -256,12 +256,20 @@
     # new Administration -> workplace-tools -> logfile.
     -->	
     <!ELEMENT rfsfileviewsettings (
    +    rootPath?,
         filePath?,
         enabled?,
         fileEncoding?,
         isLogfile?, 
         windowSize?)>
     
    +<!--
    +# This element should be non-existant in new files during initialisation. 
    +# It is an absolute path to a folder used to restrict the allowed files.
    +# If the element is not available, all files are restricted to the logs folder.
    +-->
    +<!ELEMENT rootPath (#PCDATA)> 
    +
     <!--
     # This element should be non-existant in new files during initialisation. 
     # It is an absolute path to a file that will be shown. 
    
  • src/org/opencms/util/CmsRfsFileViewer.java+86 3 modified
    @@ -1,7 +1,7 @@
     /*
      * File   : $Source: /alkacon/cvs/opencms/src/org/opencms/util/CmsRfsFileViewer.java,v $
    - * Date   : $Date: 2008/02/27 12:05:36 $
    - * Version: $Revision: 1.23 $
    + * Date   : $Date: 2008/03/17 08:55:32 $
    + * Version: $Revision: 1.24 $
      *
      * This library is part of OpenCms -
      * the Open Source Content Management System
    @@ -31,6 +31,7 @@
     
     package org.opencms.util;
     
    +import org.opencms.file.CmsResource;
     import org.opencms.i18n.CmsEncoder;
     import org.opencms.main.CmsIllegalArgumentException;
     import org.opencms.main.CmsLog;
    @@ -66,7 +67,7 @@
      * 
      * @author  Achim Westermann 
      * 
    - * @version $Revision: 1.23 $ 
    + * @version $Revision: 1.24 $ 
      * 
      * @since 6.0.0 
      */
    @@ -87,6 +88,9 @@ public class CmsRfsFileViewer implements Cloneable {
         /** The path to the underlying file. */
         protected String m_filePath;
     
    +    /** The path to the root for all accessible files. */
    +    protected String m_rootPath;
    +    
         /** 
          * If value is <code>true</code>, all setter methods will throw a 
          * <code>{@link CmsRuntimeException}</code><p>. 
    @@ -117,6 +121,7 @@ public class CmsRfsFileViewer implements Cloneable {
          */
         public CmsRfsFileViewer() {
     
    +        m_rootPath = new File(OpenCms.getSystemInfo().getLogFileRfsPath()).getParent();
             m_isLogfile = true;
             m_fileName2lineIndex = new HashMap();
             // system default charset: see http://java.sun.com/j2se/corejava/intl/reference/faqs/index.html#default-encoding
    @@ -160,6 +165,7 @@ public Object clone() {
                 }
             }
             CmsRfsFileViewer clone = new CmsRfsFileViewer();
    +        clone.m_rootPath = m_rootPath;
             try {
                 // strings are immutable: no outside modification possible.
                 clone.setFilePath(m_filePath);
    @@ -231,6 +237,16 @@ public int getWindowPos() {
             return m_windowPos;
         }
     
    +    /**
    +     * Returns the path denoting the root folder for all accessible files.<p>
    +     * 
    +     * @return the path denoting the root folder for all accessible files
    +     */
    +    public String getRootPath() {
    +        
    +        return m_rootPath;
    +    }
    +    
         /**
          * Get the amount of lines (or entries depending on wether a standard log file is shown) 
          * to display per page. <p>
    @@ -497,6 +513,17 @@ public void setFilePath(String path) throws CmsRfsException, CmsRuntimeException
                             Messages.ERR_FILE_ARG_NOT_READ_1,
                             new Object[] {String.valueOf(path)}));
                     }
    +            } else if (m_rootPath != null && !file.getCanonicalPath().startsWith(m_rootPath)) {
    +                // if wrong configuration perform self healing: 
    +                if (OpenCms.getRunLevel() == OpenCms.RUNLEVEL_2_INITIALIZING) {
    +                    // this deletes the illegal entry and will default to the log file path
    +                    m_filePath = null;
    +                    m_isLogfile = true;
    +                } else {
    +                    throw new CmsRfsException(Messages.get().container(
    +                        Messages.ERR_FILE_ARG_NOT_READ_1,
    +                        new Object[] {String.valueOf(path)}));
    +                }                
                 } else {
                     m_filePath = file.getCanonicalPath();
                 }
    @@ -568,6 +595,62 @@ public void setIsLogfile(boolean isLogfile) throws CmsRuntimeException {
             m_isLogfile = isLogfile;
         }
     
    +    /**
    +     * Set the path in the real file system that points to the folder/tree 
    +     * containing the logfiles.<p>
    +     * 
    +     * This method will only suceed if the folder specified by the <code>path</code> 
    +     * argument is valid within the file system.<p> 
    +     * 
    +     * @param path the path in the real file system that points to the folder containing the logfiles
    +     * 
    +     * @throws CmsRuntimeException if the configuration of this instance has been frozen 
    +     * @throws CmsRfsException if the given path is invalid
    +     */
    +    public void setRootPath(String path) throws CmsRfsException, CmsRuntimeException {
    +
    +        checkFrozen();
    +
    +        if (path != null) {
    +            // leading whitespace from CmsComboWidget causes exception 
    +            path = path.trim();
    +        }
    +        if (CmsStringUtil.isEmpty(path)) {
    +            throw new CmsRfsException(Messages.get().container(
    +                Messages.ERR_FILE_ARG_EMPTY_1,
    +                new Object[] {String.valueOf(path)}));
    +        }
    +        try {
    +            // just for validation :
    +            File file = new File(path);
    +            if (file.exists()) {
    +                m_rootPath = file.getCanonicalPath();
    +            } else {
    +                // if wrong configuration perform self healing: 
    +                if (OpenCms.getRunLevel() == OpenCms.RUNLEVEL_2_INITIALIZING) {
    +                    // this deletes the illegal entry
    +                    m_rootPath = new File(OpenCms.getSystemInfo().getLogFileRfsPath()).getParent();
    +                } else {
    +    
    +                    throw new CmsRfsException(Messages.get().container(
    +                        Messages.ERR_FILE_ARG_NOT_FOUND_1,
    +                        new Object[] {String.valueOf(path)}));
    +                }
    +            }
    +        } catch (IOException ioex) {
    +            // if wrong configuration perform self healing: 
    +            if (OpenCms.getRunLevel() == OpenCms.RUNLEVEL_2_INITIALIZING) {
    +                // this deletes the illegal entry and will default to the log file path
    +                m_rootPath = new File(OpenCms.getSystemInfo().getLogFileRfsPath()).getParent();
    +            } else {
    +
    +                throw new CmsRfsException(Messages.get().container(
    +                    Messages.ERR_FILE_ARG_ACCESS_1,
    +                    new Object[] {String.valueOf(path)}), ioex);
    +            }
    +        }
    +    }
    +
         /**
          * Sets the start position of the current display.<p>
          * 
    
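Review bot: The root-folder check added in setFilePath, `!file.getCanonicalPath().startsWith(m_rootPath)`, is a plain string-prefix test, so a path whose name merely begins with the root (a sibling folder named like the root plus a suffix) passes as if it were inside the root; the comparison needs to be anchored at a path-separator boundary. The root itself is also not guaranteed to be canonical: the constructor and both self-healing branches in setRootPath assign `new File(OpenCms.getSystemInfo().getLogFileRfsPath()).getParent()` without `getCanonicalPath()`, so if the log path contains a symlink or `..` segment the canonical file path will not share its prefix and legitimate files are rejected, and if `getParent()` returns null the check is skipped entirely because of the `m_rootPath != null` guard. I would move the comparison into a private helper that canonicalises both sides and compares at a `File.separator` boundary, and call it from the `else if`; setFilePath's enclosing try and its earlier branches lie outside the hunk, so the helper's IOException is assumed to be caught there like the existing `getCanonicalPath()` call on the else branch.
```java
            } else if (m_rootPath != null && !isInsideRoot(file)) {
                // … unchanged: self-healing / CmsRfsException branch …
            } else {
                m_filePath = file.getCanonicalPath();
            }
    // … unchanged: remainder of setFilePath and the other methods …

    /**
     * Checks whether the given file lies inside the configured root folder.<p>
     *
     * Both sides are compared as canonical paths, and the prefix test is anchored
     * at a path separator so that a sibling folder whose name merely starts with
     * the root folder name is not accepted.<p>
     *
     * @param file the file to check
     *
     * @return <code>true</code> if the file equals or lies below the root folder
     *
     * @throws IOException if a canonical path cannot be determined
     */
    private boolean isInsideRoot(File file) throws IOException {

        String canonical = file.getCanonicalPath();
        String root = new File(m_rootPath).getCanonicalPath();
        if (canonical.equals(root)) {
            return true;
        }
        String rootPrefix = root.endsWith(File.separator) ? root : root + File.separator;
        return canonical.startsWith(rootPrefix);
    }
```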
  • src/org/opencms/workplace/CmsWidgetDialog.java+5 5 modified
    @@ -1,7 +1,7 @@
     /*
      * File   : $Source: /alkacon/cvs/opencms/src/org/opencms/workplace/CmsWidgetDialog.java,v $
    - * Date   : $Date: 2008/02/27 12:05:45 $
    - * Version: $Revision: 1.66 $
    + * Date   : $Date: 2008/03/17 08:55:33 $
    + * Version: $Revision: 1.67 $
      *
      * This library is part of OpenCms -
      * the Open Source Content Management System
    @@ -68,7 +68,7 @@
      * 
      * @author Alexander Kandzior 
      * 
    - * @version $Revision: 1.66 $ 
    + * @version $Revision: 1.67 $ 
      * 
      * @since 6.0.0 
      */
    @@ -957,9 +957,9 @@ protected String createDialogRowHtml(CmsWidgetDialogParameter base) {
                     Throwable t = p.getError();
                     while (t != null) {
                         if (t instanceof I_CmsThrowable) {
    -                        result.append(((I_CmsThrowable)t).getLocalizedMessage(getLocale()));
    +                        result.append(CmsEncoder.escapeXml(((I_CmsThrowable)t).getLocalizedMessage(getLocale())));
                         } else {
    -                        result.append(t.getLocalizedMessage());
    +                        result.append(CmsEncoder.escapeXml(t.getLocalizedMessage()));
                         }
                         t = t.getCause();
                         if (t != null) {
    
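Review bot: `Throwable.getLocalizedMessage()` can return null, and the two new lines pass that value straight into `CmsEncoder.escapeXml`; whether that helper tolerates a null argument is not visible here, so if it does not, an exception without a message now fails inside `createDialogRowHtml` where the old code appended the literal "null". A null guard before escaping keeps the loop safe either way, e.g. `String msg = (t instanceof I_CmsThrowable) ? ((I_CmsThrowable)t).getLocalizedMessage(getLocale()) : t.getLocalizedMessage();` followed by `result.append(CmsEncoder.escapeXml(msg == null ? "" : msg));`. The method continues outside the hunk.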


References

