Hitachi Vantara Pentaho Community Wiki

This vulnerability exists when an application accepts a direct object reference to a specific filename as an input parameter and then serves that file to the user. A malicious attacker can then traverse arbitrary directories on the server to view files that would not normally be accessible, including sensitive files such as /etc/passwd.
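
The pattern described above, next to a hardened form, as an added example (not Pentaho code). The class name, method names, the temporary `reports` directory and the sample parameter values are all hypothetical and constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class FileParamCheck {

    // Vulnerable pattern: the request parameter is joined to the base
    // directory as-is, so "../" segments or an absolute path escape it.
    static Path resolveUnsafe(Path baseDir, String fileParam) {
        return baseDir.resolve(fileParam);
    }

    // Hardened pattern: canonicalise first, then require that the result
    // is a regular file that still lives under the base directory.
    static Path resolveSafe(Path baseDir, String fileParam) throws IOException {
        Path base = baseDir.toRealPath();
        Path candidate = base.resolve(fileParam).normalize();
        if (!candidate.startsWith(base)) {
            throw new SecurityException("path leaves base directory");
        }
        // toRealPath() follows symlinks, so a link inside the base
        // directory that points elsewhere is caught by the second check.
        Path real = candidate.toRealPath();
        if (!real.startsWith(base) || !Files.isRegularFile(real)) {
            throw new SecurityException("not a regular file under base directory");
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample data: one legitimate file in a temp directory.
        Path base = Files.createTempDirectory("reports").toRealPath();
        Files.writeString(base.resolve("q1.txt"), "quarterly report");

        String[] params = {"q1.txt", "sub/../q1.txt", "../../../../etc/passwd", "/etc/passwd"};
        for (String p : params) {
            Path unsafe = resolveUnsafe(base, p).normalize();
            String verdict;
            try {
                verdict = "served " + base.relativize(resolveSafe(base, p));
            } catch (SecurityException | IOException e) {
                verdict = "rejected (" + e.getMessage() + ")";
            }
            System.out.printf("%-26s unsafe -> %-40s safe -> %s%n", p, unsafe, verdict);
        }
    }
}
```

Where the set of downloadable files is known in advance, mapping an opaque identifier to a server-side path removes the filename parameter altogether, which is the stronger fix.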