Moderate severity · NVD Advisory · Published Jan 21, 2009 · Updated Apr 23, 2026
CVE-2009-0026
Description
Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.jackrabbit:jackrabbit (Maven) | < 1.5.2 | 1.5.2 |
Affected products
- cpe:2.3:a:apache:jackrabbit:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:jackrabbit:1.5.0:*:*:*:*:*:*:*
Patches
36330ae8df40 JCR-1925: Cross site scripting issues in webapp
1 file changed · +1 −1
jackrabbit-webapp/src/main/webapp/local.jsp+1 −1 modified@@ -13,7 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. ---%><% +--%><%@page import="org.apache.jackrabbit.util.Text"%><% request.setAttribute("title", "Local Repository Access"); %><jsp:include page="header.jsp"/> <p>
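Review bot: the `org.apache.jackrabbit.util.Text` import added to local.jsp in this hunk has no use anywhere in the hunk; the `Text.encodeIllegalXMLCharacters(request.getContextPath())` call that needs it appears in the local.jsp hunk of the companion commit fbdcc02bc35d. Landing the import separately from its use leaves an intermediate revision with an unused import; squashing the two, or stating the dependency in the commit message, would make the history easier to follow.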
fbdcc02bc35d JCR-1925: Cross site scripting issues in webapp
17 files changed · +124 −87
jackrabbit-webapp/src/main/webapp/bootstrap/error.jsp+2 −2 modified@@ -13,11 +13,11 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. ---%><% +--%><%@page import="org.apache.jackrabbit.util.Text"%><% request.setAttribute("title", "Content Repository Error"); %><jsp:include page="../header.jsp"/> <p> Some error occurred during setup. See the log files for details. </p> -<p><a href="<%= request.getContextPath() %>/admin">back</a></p> +<p><a href="<%= Text.encodeIllegalXMLCharacters(request.getContextPath()) %>/admin">back</a></p> <jsp:include page="../footer.jsp"/>
jackrabbit-webapp/src/main/webapp/bootstrap/exists.jsp+2 −2 modified@@ -13,7 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. ---%><% +--%><%@page import="org.apache.jackrabbit.util.Text"%><% request.setAttribute("title", "Content Repository Exists"); %><jsp:include page="../header.jsp"/> <p>The repository home directory or configuration already exists.</p> @@ -24,5 +24,5 @@ directory or the configuration file already exist. <p> Please specify a correct location or choose to reuse an existing repository. </p> -<p><a href="<%= request.getContextPath() %>/admin">back</a></p> +<p><a href="<%= Text.encodeIllegalXMLCharacters(request.getContextPath()) %>/admin">back</a></p> <jsp:include page="../footer.jsp"/>
jackrabbit-webapp/src/main/webapp/bootstrap/missing.jsp+3 −3 modified@@ -13,7 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. ---%><% +--%><%@page import="org.apache.jackrabbit.util.Text"%><% request.setAttribute("title", "Content Repository Setup"); %><jsp:include page="../header.jsp"/> <p> @@ -27,7 +27,7 @@ request.setAttribute("title", "Content Repository Setup"); </p> <h3>Create a new content repository</h3> -<form action="<%= request.getContextPath() %>/admin" method="POST"> +<form action="<%= Text.encodeIllegalXMLCharacters(request.getContextPath()) %>/admin" method="POST"> <input type="hidden" name="mode" value="new"/> <p> Use this form to create a new content repository in the given directory. @@ -44,7 +44,7 @@ request.setAttribute("title", "Content Repository Setup"); </form> <h3>Use an existing content repository</h3> -<form action="<%= request.getContextPath() %>/admin" method="POST"> +<form action="<%= Text.encodeIllegalXMLCharacters(request.getContextPath()) %>/admin" method="POST"> <input type="hidden" name="mode" value="existing"/> <p> Use this form to access an existing content repository in the given
jackrabbit-webapp/src/main/webapp/bootstrap/notexists.jsp+2 −2 modified@@ -13,7 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. ---%><% +--%><%@page import="org.apache.jackrabbit.util.Text"%><% request.setAttribute("title", "Content Repository Not Found"); %><jsp:include page="../header.jsp"/> <p>The repository home directory or configuration do not exists.</p> @@ -24,5 +24,5 @@ directory or the configuration file do not exist. <p> Please specify a correct location or choose to create a new repository. </p> -<p><a href="<%= request.getContextPath() %>/admin">back</a></p> +<p><a href="<%= Text.encodeIllegalXMLCharacters(request.getContextPath()) %>/admin">back</a></p> <jsp:include page="../footer.jsp"/>
jackrabbit-webapp/src/main/webapp/bootstrap/reconfigure.jsp+2 −2 modified@@ -13,13 +13,13 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. ---%><% +--%><%@page import="org.apache.jackrabbit.util.Text"%><% request.setAttribute("title", "Content Repository Already Running"); %><jsp:include page="../header.jsp"/> <p>Your repository is already properly configured an running.</p> <p> Your changes were discarded. To reconfigure or reinstall the repository modify the respective configuration files or remove them. </p> -<p><a href="<%= request.getContextPath() %>/">home</a></p> +<p><a href="<%= Text.encodeIllegalXMLCharacters(request.getContextPath()) %>/">home</a></p> <jsp:include page="../footer.jsp"/>
jackrabbit-webapp/src/main/webapp/bootstrap/running.jsp+2 −2 modified@@ -13,13 +13,13 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. ---%><% +--%><%@page import="org.apache.jackrabbit.util.Text"%><% request.setAttribute("title", "Content Repository Ready"); %><jsp:include page="../header.jsp"/> <p>Your repository is properly configured an running.</p> <p> To reconfigure or reinstall the repository modify the respective configuration files or remove them. </p> -<p><a href="<%= request.getContextPath() %>/">home</a></p> +<p><a href="<%= Text.encodeIllegalXMLCharacters(request.getContextPath()) %>/">home</a></p> <jsp:include page="../footer.jsp"/>
jackrabbit-webapp/src/main/webapp/bootstrap/success.jsp+2 −2 modified@@ -13,13 +13,13 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. ---%><% +--%><%@page import="org.apache.jackrabbit.util.Text"%><% request.setAttribute("title", "Content Repository Ready"); %><jsp:include page="../header.jsp"/> <p>Your repository is now properly configured an running.</p> <p> To reconfigure or reinstall the repository modify the respective configuration files or remove them. <p> -<p><a href="<%= request.getContextPath() %>/">home</a></p> +<p><a href="<%= Text.encodeIllegalXMLCharacters(request.getContextPath()) %>/">home</a></p> <jsp:include page="../footer.jsp"/>
jackrabbit-webapp/src/main/webapp/error/repository.jsp+11 −4 modified@@ -13,23 +13,30 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. ---%><%@ page isErrorPage="true" %><% +--%><%@ page isErrorPage="true" + import="org.apache.jackrabbit.util.Text, + java.io.StringWriter, + java.io.PrintWriter"%><% request.setAttribute("title", "Repository Error"); %><jsp:include page="../header.jsp"/> <p> The content repository operation failed with the following <%= exception.getClass().getSimpleName() %> error: </p> -<blockquote><%= exception.getMessage() %></blockquote> +<blockquote><%= Text.encodeIllegalXMLCharacters(exception.getMessage()) %></blockquote> <p> See the - <a href="<%= request.getContextPath() %>/troubleshooting.jsp">troubleshooting page</a> + <a href="<%= Text.encodeIllegalXMLCharacters(request.getContextPath()) %>/troubleshooting.jsp">troubleshooting page</a> for ideas on how to resolve this issue. </p> <h2>Exception stack trace</h2> <p> Below is the full exception stack trace associated with this error: </p> -<pre><% exception.printStackTrace(new java.io.PrintWriter(out)); %></pre> +<% +StringWriter buffer = new StringWriter(); +exception.printStackTrace(new PrintWriter(buffer)); +%> +<pre><%= Text.encodeIllegalXMLCharacters(buffer.toString()) %></pre> <jsp:include page="../footer.jsp"/>
jackrabbit-webapp/src/main/webapp/header.jsp+24 −17 modified@@ -14,30 +14,37 @@ See the License for the specific language governing permissions and limitations under the License. --%> +<%@page import="org.apache.jackrabbit.util.Text"%> +<% +String title = + Text.encodeIllegalXMLCharacters(request.getAttribute("title").toString()); +String context = + Text.encodeIllegalXMLCharacters(request.getContextPath()); +%> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> - <title><%= request.getAttribute("title") %></title> + <title><%= title %></title> <link rel="stylesheet" - href="<%= request.getContextPath() %>/css/default.css" + href="<%= context %>/css/default.css" type="text/css"/> <link rel="shortcut icon" - href="<%= request.getContextPath() %>/images/favicon.ico" + href="<%= context %>/images/favicon.ico" type="image/vnd.microsoft.icon" /> </head> <body> <div id="page"> <div id="banner"> <p id="jcr"> - <a href="<%= request.getContextPath() %>/"> - <img src="<%= request.getContextPath() %>/images/jlogo.gif" + <a href="<%= context %>/"> + <img src="<%= context %>/images/jlogo.gif" alt="Apache Jackrabbit" height="100" width="336"/> </a> </p> <p id="asf"> <a href="http://www.apache.org/"> - <img src="<%= request.getContextPath() %>/images/asf-logo.gif" + <img src="<%= context %>/images/asf-logo.gif" alt="Apache Software Foundation" height="100" width="387"/> </a> </p> 
@@ -46,20 +53,20 @@ <ul> <li>Jackrabbit JCR Server <ul> - <li><a href="<%= request.getContextPath() %>/">Welcome</a></li> - <li><a href="<%= request.getContextPath() %>/webdav-simple.jsp">Standard WebDAV</a></li> - <li><a href="<%= request.getContextPath() %>/webdav-jcr.jsp">JCR WebDAV</a></li> - <li><a href="<%= request.getContextPath() %>/remote.jsp">Remote access</a></li> - <li><a href="<%= request.getContextPath() %>/local.jsp">Local access</a></li> - <li><a href="<%= request.getContextPath() %>/troubleshooting.jsp">Troubleshooting</a></li> - <li><a href="<%= request.getContextPath() %>/about.jsp">About Jackrabbit</a></li> + <li><a href="<%= context %>/">Welcome</a></li> + <li><a href="<%= context %>/webdav-simple.jsp">Standard WebDAV</a></li> + <li><a href="<%= context %>/webdav-jcr.jsp">JCR WebDAV</a></li> + <li><a href="<%= context %>/remote.jsp">Remote access</a></li> + <li><a href="<%= context %>/local.jsp">Local access</a></li> + <li><a href="<%= context %>/troubleshooting.jsp">Troubleshooting</a></li> + <li><a href="<%= context %>/about.jsp">About Jackrabbit</a></li> </ul> </li> <li>Default workspace <ul> - <li><a href="<%= request.getContextPath() %>/repository/default/">Browse</a></li> - <li><a href="<%= request.getContextPath() %>/search.jsp">Search</a></li> - <li><a href="<%= request.getContextPath() %>/populate.jsp">Populate</a></li> + <li><a href="<%= context %>/repository/default/">Browse</a></li> + <li><a href="<%= context %>/search.jsp">Search</a></li> + <li><a href="<%= context %>/populate.jsp">Populate</a></li> </ul> </li> <li>Apache Jackrabbit @@ -79,4 +86,4 @@ </ul> </div> <div id="content"> - <h2><%= request.getAttribute("title") %></h2> + <h2><%= title %></h2>
jackrabbit-webapp/src/main/webapp/local.jsp+1 −1 modified@@ -73,7 +73,7 @@ Repository repository = (Repository) context.lookup(...); ServletContext context = ...; // <em>context of your servlet</em> ServletContext jackrabbit = - context.getContext("<em><%= request.getContextPath() %></em>"); + context.getContext("<em><%= Text.encodeIllegalXMLCharacters(request.getContextPath()) %></em>"); Repository repository = (Repository) context.getAttribute(Repository.<b>class</b>.getName()). </pre>
jackrabbit-webapp/src/main/webapp/populate.jsp+12 −11 modified@@ -16,6 +16,7 @@ --%><%@ page import="javax.jcr.Repository, javax.jcr.Session, org.apache.jackrabbit.j2ee.RepositoryAccessServlet, + org.apache.jackrabbit.util.Text, javax.jcr.SimpleCredentials, java.util.Iterator, java.net.URL, @@ -51,7 +52,7 @@ jcrSession = rep.login(new SimpleCredentials("user", "".toCharArray())); wspName = jcrSession.getWorkspace().getName(); } catch (Throwable e) { - %>Error while accessing the repository: <font color="red"><%= e.getMessage() %></font><br><% + %>Error while accessing the repository: <font color="red"><%= Text.encodeIllegalXMLCharacters(e.getMessage()) %></font><br><% %>Check the configuration or use the <a href="admin/">easy setup</a> wizard.<% return; } 
@@ -79,24 +80,24 @@ if (seedWord != null && numDocs > 0 && filetypes.size() > 0) { %> <html> <head> -<title>Welcome to Apache Jackrabbit - Populate workspace: <%= wspName %></title> -<link rel="shortcut icon" href="<%= request.getContextPath() %>/images/favicon.ico" type="image/vnd.microsoft.icon"> +<title>Welcome to Apache Jackrabbit - Populate workspace: <%= Text.encodeIllegalXMLCharacters(wspName) %></title> +<link rel="shortcut icon" href="<%= Text.encodeIllegalXMLCharacters(request.getContextPath()) %>/images/favicon.ico" type="image/vnd.microsoft.icon"> <style type="text/css" media="all"> - @import url("<%= request.getContextPath() %>/css/default.css"); + @import url("<%= Text.encodeIllegalXMLCharacters(request.getContextPath()) %>/css/default.css"); </style> <script><!-- function draw() { // draw the bar document.write('<table cellspacing="0" cellpadding="0" style="border-color:' + this.borderColor + '; border-width:' + this.borderWidth + '; border-style:' + this.borderStyle + '">'); document.write('<tr><td>'); document.write('<table border="0" cellspacing="0" cellpadding="0" style="">'); - document.write('<tr><td style="background-color:' + this.barColor +'"><img src="<%= request.getContextPath() %>/images/0.gif" id="' + this.id + 'barFG" width="0" height="' + this.height + '"/></td>'); - document.write('<td><img src="<%= request.getContextPath() %>/images/0.gif" id="' + this.id + 'barBG" width="' + this.width + '" height="' + this.height + '"/></td></tr>'); + document.write('<tr><td style="background-color:' + this.barColor +'"><img src="<%= Text.encodeIllegalXMLCharacters(request.getContextPath()) %>/images/0.gif" id="' + this.id + 'barFG" width="0" height="' + this.height + '"/></td>'); + document.write('<td><img src="<%= Text.encodeIllegalXMLCharacters(request.getContextPath()) %>/images/0.gif" id="' + this.id + 'barBG" width="' + this.width + '" height="' + this.height + '"/></td></tr>'); document.write('</table>'); document.write('</tr></td>'); 
document.write('</table>'); document.write('<table>'); - document.write('<tr><td><img src="<%= request.getContextPath() %>/images/0.gif" width="' + this.width + '" height="0"/></td></tr>'); + document.write('<tr><td><img src="<%= Text.encodeIllegalXMLCharacters(request.getContextPath()) %>/images/0.gif" width="' + this.width + '" height="0"/></td></tr>'); document.write('<tr><td align="center"><span id="' + this.id + 'barValue">0%</span></td></tr>'); document.write('<tr><td align="center"><span id="' + this.id + 'barInfo"> </span></td></tr>'); document.write('</table>'); @@ -139,7 +140,7 @@ ProgressBar.prototype.borderWidth = "2px"; </head> <body> <div style="background: white; border: 1px solid black; padding: 50px; width: 510px; margin: 50px auto;"> - <h2>Populate workspace: "<%= wspName %>"</h2><br> + <h2>Populate workspace: "<%= Text.encodeIllegalXMLCharacters(wspName) %>"</h2><br> <p>Overall progress</p> <script>var pb = new ProgressBar(<%= numDocs %>, 500, 30);pb.draw();</script> @@ -194,7 +195,7 @@ ProgressBar.prototype.borderWidth = "2px"; InputStream in = con.getInputStream(); try { synchronized (fOut) { - fOut.println("<script>dp.inform(0, '" + info + "')</script>"); + fOut.println("<script>dp.inform(0, '" + Text.encodeIllegalXMLCharacters(info) + "')</script>"); fOut.flush(); } int length = con.getContentLength(); 
@@ -266,7 +267,7 @@ request.setAttribute("title", "Populate workspace " + wspName); </p> <form method="POST"> <table> - <tr><td>Seed word:</td><td><input name="seed" type="text" size="30" value="<%= seedWord == null ? "download" : seedWord %>"/></td></tr> + <tr><td>Seed word:</td><td><input name="seed" type="text" size="30" value="<%= seedWord == null ? "download" : Text.encodeIllegalXMLCharacters(seedWord) %>"/></td></tr> <tr><td>Number of documents:</td><td><input name="num" type="text" size="30" value="<%= numDocs == 0 ? 100 : numDocs %>"/></td></tr> <tr valign="top"><td>Document types:</td><td><input name="filetype" type="checkbox" value="pdf" <%= filetypes.contains("pdf") ? "checked" : "" %>/> Adobe Acrobat PDF<br/><input name="filetype" type="checkbox" value="rtf" <%= filetypes.contains("rtf") ? "checked" : "" %>/> Rich Text Format<br/><input name="filetype" type="checkbox" value="doc" <%= filetypes.contains("doc") ? "checked" : "" %>/> Microsoft Word<br/><input name="filetype" type="checkbox" value="ppt" <%= filetypes.contains("ppt") ? "checked" : "" %>/> Microsoft PowerPoint<br/><input name="filetype" type="checkbox" value="xls" <%= filetypes.contains("xls") ? "checked" : "" %>/> Microsoft Excel<br/></td></tr> <tr><td> </td><td><input type="submit" value="Populate!"/></td></tr> @@ -399,7 +400,7 @@ request.setAttribute("title", "Populate workspace " + wspName); double s = 1000d * (double) read / (double) length; out.println("<script>" + varName + ".inform(" + Math.min((int) Math.ceil(s), 1000) + - ", '" + fileName + "')</script>"); + ", '" + Text.encodeIllegalXMLCharacters(fileName) + "')</script>"); out.flush(); } nextReport += (16 * 1024);
jackrabbit-webapp/src/main/webapp/remote.jsp+2 −1 modified@@ -13,13 +13,14 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. ---%><% +--%><%@page import="org.apache.jackrabbit.util.Text"%><% request.setAttribute("title", "Remote Repository Access"); URI uri = new URI(request.getRequestURL().toString()); String base = uri.getScheme() + "://" + uri.getHost() + ":" + uri.getPort() + request.getContextPath(); +base = Text.encodeIllegalXMLCharacters(base); %><jsp:include page="header.jsp"/> <p> The content repository within this web application is made available
jackrabbit-webapp/src/main/webapp/search.jsp+37 −25 modified@@ -15,6 +15,7 @@ limitations under the License. --%><%@ page import="javax.jcr.Repository, org.apache.jackrabbit.j2ee.RepositoryAccessServlet, + org.apache.jackrabbit.util.Text, javax.jcr.Session, javax.jcr.SimpleCredentials, java.util.Calendar, @@ -40,7 +41,7 @@ rep = RepositoryAccessServlet.getRepository(pageContext.getServletContext()); jcrSession = rep.login(new SimpleCredentials("anonymous", "".toCharArray())); } catch (Throwable e) { - %>Error while accessing the repository: <font color="red"><%= e.getMessage() %></font><br><% + %>Error while accessing the repository: <font color="red"><%= Text.encodeIllegalXMLCharacters(e.getMessage()) %></font><br><% %>Check the configuration or use the <a href="admin/">easy setup</a> wizard.<% return; } @@ -72,9 +73,9 @@ if (q.startsWith("related:")) { String path = q.substring("related:".length()); stmt = "//element(*, nt:file)[rep:similar(jcr:content, '" + path + "/jcr:content')]/rep:excerpt(.)"; - queryTerms = "similar to <b>" + path + "</b>"; + queryTerms = "similar to <b>" + Text.encodeIllegalXMLCharacters(path) + "</b>"; } else { - queryTerms = "for <b>" + q + "</b>"; + queryTerms = "for <b>" + Text.encodeIllegalXMLCharacters(q) + "</b>"; q = q.replaceAll("'", "''"); stmt = "//element(*, nt:file)[jcr:contains(jcr:content, '" + q + "')]/rep:excerpt(.)"; } 
@@ -131,30 +132,41 @@ request.setAttribute("title", "Search workspace " + wspName); <form name="gs" method="GET"> <p> - <input type="text" name="q" size="41" maxlength="2048" value="<%= q %>" title="Search"> + <input type="text" name="q" size="41" maxlength="2048" value="<%= Text.encodeIllegalXMLCharacters(q) %>" title="Search"> <input type=submit value="Search"><br><br> </p> </form> <% if (rows != null && rows.getSize() == 0) { %> - <% - if (suggestedQuery != null) { - %><p><font class="p" color="#cc0000">Did you mean: </font><a href="search.jsp?q=<%= suggestedQuery %>" class="p"><b><i><%= suggestedQuery %></i></b></a> <br></p><% - } - %> - <p/>Your search - <b><%= q %></b> - did not match any documents. +<% if (suggestedQuery != null) { %> +<p><font class="p" color="#cc0000">Did you mean:</font> + <a href="search.jsp?q=<%= Text.encodeIllegalXMLCharacters(suggestedQuery) %>" class="p"> + <b><i><%= Text.encodeIllegalXMLCharacters(suggestedQuery) %></i></b> + </a><br> +</p> +<% } %> + <p/>Your search - <b><%= Text.encodeIllegalXMLCharacters(q) %></b> - did not match any documents. <br/><br/>Suggestions: - <ul><li>Make sure all words are spelled correctly.</li><li>Try different keywords.</li><li>Try more general keywords.</li><li>Try fewer keywords.</li></ul> + <ul> + <li>Make sure all words are spelled correctly.</li> + <li>Try different keywords.</li> + <li>Try more general keywords.</li> + <li>Try fewer keywords.</li> + </ul> <% } else if (rows != null) { %> <table border=0 cellpadding=0 cellspacing=0 width=100% class="t bt"> - <tr><td><font size=-1>Results <b><%= from + 1 %></b> - <b><%= to %></b> of about <b><%= totalResults %></b> <%= queryTerms %>. (<b><%= executedIn %></b> seconds) </font></td></tr> + <tr> + <td><font size=-1>Results <b><%= from + 1 %></b> - <b><%= to %></b> of about <b><%= totalResults %></b> <%= queryTerms %>. 
(<b><%= executedIn %></b> seconds) </font></td></tr> </table> - <% - if (suggestedQuery != null) { - %><p><font class="p" color="#cc0000">Did you mean: </font><a href="search.jsp?q=<%= suggestedQuery %>" class="p"><b><i><%= suggestedQuery %></i></b></a> <br></p><% - } - %> +<% if (suggestedQuery != null) { %> + <p> + <font class="p" color="#cc0000">Did you mean:</font> + <a href="search.jsp?q=<%= Text.encodeIllegalXMLCharacters(suggestedQuery) %>" class="p"> + <b><i><%= Text.encodeIllegalXMLCharacters(suggestedQuery) %></i></b> + </a><br> + </p> +<% } %> <div> <% while (rows.hasNext() && rows.getPosition() < to) { @@ -169,10 +181,10 @@ request.setAttribute("title", "Search workspace " + wspName); DateFormat df = SimpleDateFormat.getDateInstance(SimpleDateFormat.LONG); String lastModified = df.format(resource.getProperty("jcr:lastModified").getDate().getTime()); %> - <h6><a href="<%= request.getContextPath() %>/repository/<%= wspName %><%= file.getPath() %>" class=l><%= file.getName() %></a></h6> + <h6><a href="<%= Text.encodeIllegalXMLCharacters(request.getContextPath() + "/repository/" + wspName + file.getPath()) %>" class=l><%= Text.encodeIllegalXMLCharacters(file.getName()) %></a></h6> <table border=0 cellpadding=0 cellspacing=0> <tr><td><font><%= r.getValue("rep:excerpt(jcr:content)").getString() %> - <%= file.getPath() %> - <%= size %> - <%= lastModified %> - <nobr><a href="<%= request.getContextPath() %>/search.jsp?q=related:<%= URLEncoder.encode(file.getPath(), "UTF-8") %>">Similar pages</a></nobr></font></td> + <%= Text.encodeIllegalXMLCharacters(file.getPath()) %> - <%= size %> - <%= lastModified %> - <nobr><a href="<%= Text.encodeIllegalXMLCharacters(request.getContextPath()) %>/search.jsp?q=related:<%= Text.encodeIllegalXMLCharacters(URLEncoder.encode(file.getPath(), "UTF-8")) %>">Similar pages</a></nobr></font></td> </tr> </table> <% 
@@ -190,7 +202,7 @@ request.setAttribute("title", "Search workspace " + wspName); <td><font size=-1>Result Page: <% if (currentPageIndex != ((Long) indexes.get(0)).longValue()) { - %><td nowrap align=right><a href=search.jsp?q=<%= q %>&start=<%= (currentPageIndex - 1) * 10 %>>Previous</a><% + %><td nowrap align=right><a href=search.jsp?q=<%= Text.encodeIllegalXMLCharacters(q) %>&start=<%= (currentPageIndex - 1) * 10 %>>Previous</a><% } else { %><td nowrap ><font size=-1><% } @@ -199,11 +211,11 @@ request.setAttribute("title", "Search workspace " + wspName); if (pageIdx == currentPageIndex) { %><td nowrap><font size=-1><%= pageIdx + 1 %><% } else { - %><td nowrap><font size=-1><a href=search.jsp?q=<%= q %>&start=<%= pageIdx * 10 %>><%= pageIdx + 1 %></a><% + %><td nowrap><font size=-1><a href=search.jsp?q=<%= Text.encodeIllegalXMLCharacters(q) %>&start=<%= pageIdx * 10 %>><%= pageIdx + 1 %></a><% } } if (currentPageIndex < (maxPage - 1)) { - %><td nowrap><font size=-1><a href=search.jsp?q=<%= q %>&start=<%= (currentPageIndex + 1) * 10 %>>Next</a><% + %><td nowrap><font size=-1><a href=search.jsp?q=<%= Text.encodeIllegalXMLCharacters(q) %>&start=<%= (currentPageIndex + 1) * 10 %>>Next</a><% } else { %><td nowrap ><% } 
@@ -217,11 +229,11 @@ request.setAttribute("title", "Search workspace " + wspName); <br clear=all><br> <table> - <tr><td><br><form method=GET action=<%= request.getContextPath() %>/search.jsp> - <font size=-1><input type=text name=q size=31 maxlength=2048 value="<%= q %>" title="Search"> <input type=submit value="Search"> + <tr><td><br><form method=GET action=<%= Text.encodeIllegalXMLCharacters(request.getContextPath()) %>/search.jsp> + <font size=-1><input type=text name=q size=31 maxlength=2048 value="<%= Text.encodeIllegalXMLCharacters(q) %>" title="Search"> <input type=submit value="Search"> </font></form> <br><font size=-1> - <a href="<%= request.getContextPath() %>/swr.jsp?q=<%= q %>&swrnum=<%= rows.getSize() %>">Search within results</a> | <a href="http://issues.apache.org/jira/browse/JCR" target=_blank>Dissatisfied? Help us improve</a></font><br> + <a href="<%= Text.encodeIllegalXMLCharacters(request.getContextPath()) %>/swr.jsp?q=<%= Text.encodeIllegalXMLCharacters(q) %>&swrnum=<%= rows.getSize() %>">Search within results</a> | <a href="http://issues.apache.org/jira/browse/JCR" target=_blank>Dissatisfied? Help us improve</a></font><br> <br> </td></tr> </table>
jackrabbit-webapp/src/main/webapp/swr.jsp+4 −3 modified@@ -16,6 +16,7 @@ --%><%@ page import="javax.jcr.Repository, javax.jcr.Session, org.apache.jackrabbit.j2ee.RepositoryAccessServlet, + org.apache.jackrabbit.util.Text, javax.jcr.SimpleCredentials, java.util.Calendar, java.text.NumberFormat" @@ -26,7 +27,7 @@ rep = RepositoryAccessServlet.getRepository(pageContext.getServletContext()); jcrSession = rep.login(new SimpleCredentials("anonymous", "".toCharArray())); } catch (Throwable e) { - %>Error while accessing the repository: <font color="red"><%= e.getMessage() %></font><br><% + %>Error while accessing the repository: <font color="red"><%= Text.encodeIllegalXMLCharacters(e.getMessage()) %></font><br><% %>Check the configuration or use the <a href="admin/">easy setup</a> wizard.<% return; } @@ -47,12 +48,12 @@ %><jsp:include page="header.jsp"/> <form name=f action="search.jsp"> <table border=0 cellpadding=0 cellspacing=0 width=100%> - <tr><table border=0 width=100%><tr><td><br>There were about <b><%= numResults %></b> results for <b><%= q %></b>.<br> + <tr><table border=0 width=100%><tr><td><br>There were about <b><%= numResults %></b> results for <b><%= Text.encodeIllegalXMLCharacters(q) %></b>.<br> Use the search box below to search within these results.<br><br></td></tr></table> </td></tr> <tr><td valign=middle> <table border=0 width=100%><tr><td> - <INPUT type=hidden name=q value="<%= q %>"> + <INPUT type=hidden name=q value="<%= Text.encodeIllegalXMLCharacters(q) %>"> <INPUT type=text name=as_q size=31 maxlength=256 value=""> <INPUT type=submit VALUE="Search within results"> </td></tr></table>
jackrabbit-webapp/src/main/webapp/troubleshooting.jsp+10 −4 modified@@ -13,7 +13,9 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. ---%><% +--%><%@page import="org.apache.jackrabbit.util.Text, + java.io.StringWriter, + java.io.PrintWriter"%><% request.setAttribute("title", "Troubleshooting"); %><jsp:include page="header.jsp"/> <p> @@ -29,7 +31,7 @@ request.setAttribute("title", "Troubleshooting"); </li> <li> Is the repository up and running? Try browsing the - <a href="<%= request.getContextPath() %>/repository/default/">default workspace</a> + <a href="<%= Text.encodeIllegalXMLCharacters(request.getContextPath()) %>/repository/default/">default workspace</a> to check if you can still see any content in the repository. You will see an error message if the repository is not available. </li> @@ -87,13 +89,17 @@ request.setAttribute("title", "Troubleshooting"); <h2>Environment information</h2> <p> This instance of the Jackrabbit JCR Server is running in - a <em><%= application.getServerInfo() %></em> servlet container + a <em><%= Text.encodeIllegalXMLCharacters(application.getServerInfo()) %></em> servlet container that supports the Java Servlet API version <%= application.getMajorVersion() %>.<%= application.getMinorVersion() %>. </p> <p> Details of the Java and operating system environment are included in the system properties shown below: </p> -<pre><% System.getProperties().list(new java.io.PrintWriter(out)); %></pre> +<% +StringWriter buffer = new StringWriter(); +System.getProperties().list(new PrintWriter(buffer)); +%> +<pre><%= Text.encodeIllegalXMLCharacters(buffer.toString()) %></pre> <jsp:include page="footer.jsp"/>
jackrabbit-webapp/src/main/webapp/webdav-jcr.jsp+4 −3 modified@@ -18,14 +18,15 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. ---%><% +--%><%@page import="org.apache.jackrabbit.util.Text"%><% request.setAttribute("title", "JCR WebDAV Server"); URI uri = new URI(request.getRequestURL().toString()); String href = uri.getScheme() + "://" + uri.getHost() + ":" + uri.getPort() + request.getContextPath() + JCRWebdavServerServlet.getPathPrefix(pageContext.getServletContext()); +href = Text.encodeIllegalXMLCharacters(href); String shref = href + "/default/jcr:root"; %><jsp:include page="header.jsp"/> <p> @@ -74,8 +75,8 @@ String shref = href + "/default/jcr:root"; <h3>Configuration</h3> <ul> - <li>Context Path: <%= request.getContextPath() %></li> - <li>Resource Path Prefix: <%= JCRWebdavServerServlet.getPathPrefix(pageContext.getServletContext()) %></li> + <li>Context Path: <%= Text.encodeIllegalXMLCharacters(request.getContextPath()) %></li> + <li>Resource Path Prefix: <%= Text.encodeIllegalXMLCharacters(JCRWebdavServerServlet.getPathPrefix(pageContext.getServletContext())) %></li> <li>Workspace Name: <i>optional</i> (available workspaces are mapped as resources)</li> <li>Additional servlet configuration: see <i>/WEB-INF/web.xml</i></li> </ul>
jackrabbit-webapp/src/main/webapp/webdav-simple.jsp+4 −3 modified@@ -15,7 +15,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. ---%><% +--%><%@page import="org.apache.jackrabbit.util.Text"%><% request.setAttribute("title", "Standard WebDAV Server"); URI uri = new URI(request.getRequestURL().toString()); @@ -24,6 +24,7 @@ String href = + request.getContextPath() + SimpleWebdavServlet.getPathPrefix(pageContext.getServletContext()) + "/default/"; +href = Text.encodeIllegalXMLCharacters(href); %><jsp:include page="header.jsp"/> <p> @@ -76,8 +77,8 @@ String href = <h3>Configuration</h3> <ul> - <li>Context path: <%= request.getContextPath() %></li> - <li>Resource path prefix: <%= SimpleWebdavServlet.getPathPrefix(pageContext.getServletContext()) %></li> + <li>Context path: <%= Text.encodeIllegalXMLCharacters(request.getContextPath()) %></li> + <li>Resource path prefix: <%= Text.encodeIllegalXMLCharacters(SimpleWebdavServlet.getPathPrefix(pageContext.getServletContext())) %></li> <li>Servlet configuration: see <i>/WEB-INF/web.xml</i></li> <li>WebDAV specific resource configuration: see <i>/WEB-INF/config.xml</i></li> </ul>
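Review bot: in search.jsp and swr.jsp the `q` and `suggestedQuery` values placed into link targets get only the XML escape, e.g. `href="search.jsp?q=<%= Text.encodeIllegalXMLCharacters(suggestedQuery) %>"` and `href=search.jsp?q=<%= Text.encodeIllegalXMLCharacters(q) %>&start=...`, which handles the attribute context but not the query-string context. The "Similar pages" link in the same file does it properly with `Text.encodeIllegalXMLCharacters(URLEncoder.encode(file.getPath(), "UTF-8"))`; apply the same two-step encoding to `q` and `suggestedQuery`, and quote the bare `href=search.jsp?...` attributes in the paging table, since an unquoted attribute value ends at the first space in the query.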
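Review bot: in populate.jsp the values written into JavaScript string literals, `fOut.println("<script>dp.inform(0, '" + Text.encodeIllegalXMLCharacters(info) + "')</script>");` and `", '" + Text.encodeIllegalXMLCharacters(fileName) + "')</script>"`, are protected with an XML-character encoder, which is the wrong escaper for a `'...'` literal inside `<script>`: a backslash, for instance, is not an illegal XML character and passes through unchanged. Use a JavaScript string-literal escaper for these two sites, or hand the value over as a JSON-encoded argument, rather than the HTML encoder.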
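Review bot: in header.jsp, `Text.encodeIllegalXMLCharacters(request.getAttribute("title").toString())` throws a NullPointerException for any page that includes header.jsp without first setting the "title" attribute, where the previous `<%= request.getAttribute("title") %>` merely printed "null". A null-safe form such as `Object t = request.getAttribute("title"); String title = Text.encodeIllegalXMLCharacters(t == null ? "" : t.toString());` keeps the encoding without the new failure mode.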
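Review bot: `Throwable.getMessage()` can legitimately return null, and the new `Text.encodeIllegalXMLCharacters(e.getMessage())` calls in populate.jsp, search.jsp, swr.jsp and `Text.encodeIllegalXMLCharacters(exception.getMessage())` in error/repository.jsp pass that value straight to the encoder; the diff does not show whether the encoder accepts null, so either confirm it does or guard with a default message. The StringWriter/PrintWriter buffering of the stack trace and of `System.getProperties().list(...)` before encoding is the right shape for those two `<pre>` blocks.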
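Review bot: in the search.jsp query-building hunk the `related:` branch concatenates `path` into the XPath statement as-is, while the else branch applies `q = q.replaceAll("'", "''")` before building `stmt`. That asymmetry is outside the scope of this XSS fix, but it deserves a follow-up check; the fix itself correctly keeps the XML escaping on the HTML output (`queryTerms`) and does not apply it to the query string, where it would be the wrong encoding.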
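Review bot: in the search.jsp result loop, `<%= r.getValue("rep:excerpt(jcr:content)").getString() %>` is the one string value in the row left unescaped, next to the now-encoded `file.getName()` and `file.getPath()`. If the excerpt is generated by the repository as markup with highlighting, emitting it raw is intended, but the change should state that and confirm the excerpt generator escapes the document text it embeds; otherwise it is a remaining injection point for indexed content.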
References
- www.securityfocus.com/bid/33360 [nvd: Exploit]
- issues.apache.org/jira/browse/JCR-1925 [nvd: Exploit, Vendor Advisory, Web]
- secunia.com/advisories/33576 [nvd: Vendor Advisory]
- github.com/advisories/GHSA-6fxv-38xc-h866 [ghsa: Advisory]
- nvd.nist.gov/vuln/detail/CVE-2009-0026 [ghsa: Advisory]
- access.redhat.com/security/cve/CVE-2009-0026 [ghsa: Web]
- bugzilla.redhat.com/show_bug.cgi [ghsa: Web]
- exchange.xforce.ibmcloud.com/vulnerabilities/48110 [nvd: Web]
- github.com/apache/jackrabbit/commit/36330ae8df40ceaddf9f3f95b8d4855b54921579 [ghsa: Web]
- github.com/apache/jackrabbit/commit/fbdcc02bc35db1d23b527da7bc411087ef29bf1f [ghsa: Web]
- www.apache.org/dist/jackrabbit/RELEASE-NOTES-1.5.2.txt [ghsa: Web; nvd]
- www.vupen.com/english/advisories/2009/0177 [ghsa: Web; nvd]
- securityreason.com/securityalert/4942 [nvd]
- www.securityfocus.com/archive/1/500196/100/0/threaded [nvd]