User:Malshani RathnaSri/sandbox

= Vulnerabilities (CVE-2019-17572-22) =

Introduction to Vulnerability
The software constructs a pathname from external input that is meant to locate a file or directory beneath a restricted parent directory, but it does not properly sanitize special elements that can resolve to a destination outside of the restricted directory. A restricted directory is designed to be the location of many file operations. By using special elements such as ".." and "/" separators, attackers can leave the restricted area and access files or folders located elsewhere on the system. One of the most prevalent special elements is the "../" sequence, which the majority of modern operating systems read as the parent directory of the present location. This is called relative path traversal. Path traversal also covers absolute pathnames like "/usr/local/bin", which might be used to access unexpected files. This is called absolute path traversal.

Affected applications/software and versions
In Apache RocketMQ 4.2.0 to 4.6.0, when automatic topic creation in the broker is turned on (the default) and a malicious topic name like "../../../../topic2020" is sent from rocketmq-client to the broker, a topic folder is created in a parent directory on the broker, which is a directory traversal vulnerability. Users of the affected versions should upgrade to Apache RocketMQ 4.6.1 or later.
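The difference between an unchecked path join and a checked one, as an added example in Java (it is not RocketMQ's own code or its actual fix). The store root, the topic-name pattern and the class and method names are assumptions made for illustration.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.regex.Pattern;

public class TopicPathCheck {
    // Hypothetical store root for this example; not RocketMQ's real layout.
    static final Path STORE_ROOT =
            Paths.get("/tmp/example-store/topics").toAbsolutePath().normalize();

    // Assumed allow-list for topic names: '.', '/' and '\' can never match.
    static final Pattern SAFE_TOPIC = Pattern.compile("^[A-Za-z0-9_%-]{1,127}$");

    // Vulnerable pattern: external input is joined to the root with no check.
    static Path unsafeTopicDir(String topic) {
        return STORE_ROOT.resolve(topic);
    }

    // Hardened: allow-list the name, then confirm the normalized result is
    // still strictly beneath the restricted directory.
    static Path safeTopicDir(String topic) {
        if (topic == null || !SAFE_TOPIC.matcher(topic).matches()) {
            throw new IllegalArgumentException("illegal topic name");
        }
        Path dir = STORE_ROOT.resolve(topic).normalize();
        // Path.startsWith compares whole name elements, not string prefixes.
        if (!dir.startsWith(STORE_ROOT) || dir.equals(STORE_ROOT)) {
            throw new IllegalArgumentException("topic escapes store root");
        }
        return dir;
    }

    public static void main(String[] args) {
        // Constructed inputs: a normal name, the relative traversal quoted in
        // the text above, and an absolute pathname.
        String[] topics = {"orders_2020", "../../../../topic2020", "/usr/local/bin"};
        for (String t : topics) {
            Path raw = unsafeTopicDir(t).normalize();
            String verdict;
            try {
                verdict = "accepted -> " + safeTopicDir(t);
            } catch (IllegalArgumentException e) {
                verdict = "rejected (" + e.getMessage() + ")";
            }
            System.out.println(t + "\n  unchecked join: " + raw
                    + "\n  escapes root:   " + !raw.startsWith(STORE_ROOT)
                    + "\n  hardened check: " + verdict);
        }
    }
}
```

The containment check after normalization is kept in addition to the allow-list so that a later loosening of the pattern cannot silently reintroduce the traversal.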

Known threats and reported exploitations

 * Integrity, Confidentiality, Availability - Technical Impact: Execute Unauthorized Code or Commands.

The attacker may be able to create or overwrite critical files that are used to execute code, such as programs or libraries.


 * Integrity - Technical Impact: Modify Files or Directories.

The attacker may be able to overwrite or create critical files, such as programs, libraries, or important data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, appending a new account at the end of a password file may allow an attacker to bypass authentication.


 * Confidentiality - The attacker may be able to read the contents of unexpected files and expose sensitive data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, by reading a password file, the attacker could conduct brute force password guessing attacks in order to break into an account on the system.


 * Availability - Technical Impact: DoS: Crash, Exit, or Restart.

The attacker may be able to overwrite, delete, or corrupt unexpected critical files such as programs, libraries, or important data. This may prevent the software from working at all and, in the case of protection mechanisms such as authentication, it has the potential to lock out every user of the software.

Remedial actions
Upgrade to Apache RocketMQ 4.6.1 or later.
