Project SimpleProject Type: software

Project Simple

Uploaded image for project: 'Project Simple'
  1. Project Simple
  2. ST-232

Information Disclosure for File Upload URL

    Details

    • Type: Enhancement
    • Status: Closed
    • Priority: Medium
    • Resolution: Done
    • Component/s: BenAdmin
    • Labels:
      None
    • Module:
      BenAdmin - Security
    • Reported by:
      Support
    • Item State:
      Production Complete - Closed
    • Issue Importance:
      Must Have

      Description

      URL: https://10.0.2.56/Platform/common/UploadFilePost

      Default Error page is displayed if we forcefully browse the URL without login.
      Default error should not be displayed.

        Attachments

          Issue Links

          duplicates

          Enhancement - An improvement or enhancement to an existing feature or task. ST-228 Security - Deny access to unauthorized users

          • High - Serious problem that could block progress.
          • Closed

            Activity

            Ascending order - Click to sort in descending order
            vijayendra Vijayendra Shinde (Inactive) created issue -
            vijayendra Vijayendra Shinde (Inactive) made changes -
            Field Original Value New Value
            Assignee Vijayendra Shinde [ ID10506 ]
            Hide
            Permalink
            vijayendra Vijayendra Shinde (Inactive) added a comment -

            We have shown Page not found message instead of Default error mesage.

            Show
            vijayendra Vijayendra Shinde (Inactive) added a comment - We have shown Page not found message instead of Default error mesage.
            vijayendra Vijayendra Shinde (Inactive) made changes -
            Item State Parent values: Development(10200)Level 1 values: Ready for Local Testing(10209) Parent values: LB QA(10201)
            vijayendra Vijayendra Shinde (Inactive) made changes -
            Assignee Vijayendra Shinde [ ID10506 ] Zeeshan Chishty [ zeeshan.chishty ]
            vijayendra Vijayendra Shinde (Inactive) made changes -
            Status New Request [ 10029 ] Pending for Approval [ 10002 ]
            vijayendra Vijayendra Shinde (Inactive) made changes -
            Status Pending for Approval [ 10002 ] Approved for Development [ 10003 ]
            vijayendra Vijayendra Shinde (Inactive) made changes -
            Status Approved for Development [ 10003 ] In Development [ 10007 ]
            vijayendra Vijayendra Shinde (Inactive) made changes -
            Item State Parent values: LB QA(10201) Parent values: LB QA(10201)Level 1 values: LB Deployed(11600)
            Hide
            Permalink
            Zeeshan.Chishty Zeeshan Chishty (Inactive) added a comment -

            Confirmed that Page Not Found is displayed now and no Information is disclosed.

            Show
            Zeeshan.Chishty Zeeshan Chishty (Inactive) added a comment - Confirmed that Page Not Found is displayed now and no Information is disclosed.
            Zeeshan.Chishty Zeeshan Chishty (Inactive) made changes -
            Status In Development [ 10007 ] Local Testing [ 10200 ]
            Zeeshan.Chishty Zeeshan Chishty (Inactive) made changes -
            Item State Parent values: LB QA(10201)Level 1 values: LB Deployed(11600) Parent values: LB QA(10201)Level 1 values: Ready for Stage(10213)
            Zeeshan.Chishty Zeeshan Chishty (Inactive) made changes -
            Status Local Testing [ 10200 ] Pending for Stage Approval [ 10300 ]
            vijayendra Vijayendra Shinde (Inactive) made changes -
            Status Pending for Stage Approval [ 10300 ] Approved for Stage [ 10030 ]
            rakeshr Rakesh Roy (Inactive) made changes -
            Developer Vijayendra Shinde [ ID10506 ]
            Issue Importance Must Have [ 11800 ]
            Production Due Date 28/Jun/2016
            Stage Due Date 27/Jun/16 [ 2016-06-27 ]
            Hide
            Permalink
            Zeeshan.Chishty Zeeshan Chishty (Inactive) added a comment - - edited

            Vijayendra ShindeOn Stage below error is displayed and not Page not Found.
            Server Error in '/Platform' Application.

            Runtime Error

            Description: An exception occurred while processing your request. Additionally, another exception occurred while executing the custom error page for the first exception. The request has been terminated.

            Show
            Zeeshan.Chishty Zeeshan Chishty (Inactive) added a comment - - edited Vijayendra Shinde On Stage below error is displayed and not Page not Found. Server Error in '/Platform' Application. Runtime Error Description: An exception occurred while processing your request. Additionally, another exception occurred while executing the custom error page for the first exception. The request has been terminated.
            Hide
            Permalink
            Zeeshan.Chishty Zeeshan Chishty (Inactive) added a comment -

            Confirmed that we are getting Page Not Found on stage .

            Show
            Zeeshan.Chishty Zeeshan Chishty (Inactive) added a comment - Confirmed that we are getting Page Not Found on stage .
            Zeeshan.Chishty Zeeshan Chishty (Inactive) made changes -
            Item State Parent values: LB QA(10201)Level 1 values: Ready for Stage(10213) Parent values: Stage QA(10202)Level 1 values: Ready for Production(10217)
            vijayendra Vijayendra Shinde (Inactive) made changes -
            Status Approved for Stage [ 10030 ] Stage Testing [ 10201 ]
            vijayendra Vijayendra Shinde (Inactive) made changes -
            Status Stage Testing [ 10201 ] Pending for Production Approval [ 10301 ]
            vijayendra Vijayendra Shinde (Inactive) made changes -
            Status Pending for Production Approval [ 10301 ] Approved for production [ 10034 ]
            vijayendra Vijayendra Shinde (Inactive) made changes -
            Item State Parent values: Stage QA(10202)Level 1 values: Ready for Production(10217) Parent values: Production QA(10203)Level 1 values: Production Deployed(10221)
            Zeeshan.Chishty Zeeshan Chishty (Inactive) made changes -
            Assignee Zeeshan Chishty [ zeeshan.chishty ] Vijayendra Shinde [ ID10506 ]
            vijayendra Vijayendra Shinde (Inactive) made changes -
            Assignee Vijayendra Shinde [ ID10506 ] Deepali Tidke [ deepalit ]
            Hide
            Permalink
            deepalit Deepali Tidke (Inactive) added a comment -

            checked on production with following link: https://www.workterra.net/WORKTERRA/common/UploadFilePost

            Page not found is coming

            Show
            deepalit Deepali Tidke (Inactive) added a comment - checked on production with following link: https://www.workterra.net/WORKTERRA/common/UploadFilePost Page not found is coming
            deepalit Deepali Tidke (Inactive) made changes -
            Item State Parent values: Production QA(10203)Level 1 values: Production Deployed(10221) Parent values: Production Complete(10222)
            deepalit Deepali Tidke (Inactive) made changes -
            Item State Parent values: Production Complete(10222) Parent values: Production Complete(10222)Level 1 values: Closed(10223)
            deepalit Deepali Tidke (Inactive) made changes -
            Status Approved for production [ 10034 ] Production Testing [ 10202 ]
            deepalit Deepali Tidke (Inactive) made changes -
            Resolution Done [ 10000 ]
            Status Production Testing [ 10202 ] Production Complete [ 10028 ]
            deepalit Deepali Tidke (Inactive) made changes -
            Resolution Done [ 10000 ] Fixed [ 1 ]
            Status Production Complete [ 10028 ] Closed [ 6 ]
            vijayendra Vijayendra Shinde (Inactive) made changes -
            Link This issue duplicates ST-228 [ ST-228 ]
            Transition Time In Source Status Execution Times
            Vijayendra Shinde (Inactive) made transition -
            New Request Pending for Approval
            		16h 53m 1
            Vijayendra Shinde (Inactive) made transition -
            Pending for Approval Approved for Development
            		7s 1
            Vijayendra Shinde (Inactive) made transition -
            Approved for Development In Development
            		4s 1
            Zeeshan Chishty (Inactive) made transition -
            In Development In LB Testing
            		25m 37s 1
            Zeeshan Chishty (Inactive) made transition -
            In LB Testing Pending for Stage Approval
            		33s 1
            Vijayendra Shinde (Inactive) made transition -
            Pending for Stage Approval Approved for Stage
            		2m 7s 1
            Vijayendra Shinde (Inactive) made transition -
            Approved for Stage Stage Testing
            		10d 22h 9m 1
            Vijayendra Shinde (Inactive) made transition -
            Stage Testing Pending for Production Approval
            		4s 1
            Vijayendra Shinde (Inactive) made transition -
            Pending for Production Approval Approved for production
            		2s 1
            Deepali Tidke (Inactive) made transition -
            Approved for production In Production Testing
            		9d 5h 11m 1
            Deepali Tidke (Inactive) made transition -
            In Production Testing Production Complete
            		10s 1
            Deepali Tidke (Inactive) made transition -
            Production Complete Closed
            		2s 1

              People

              Assignee:
              deepalit Deepali Tidke (Inactive)
              Reporter:
              vijayendra Vijayendra Shinde (Inactive)
              Developer:
              Vijayendra Shinde (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Pre-Prod Due Date:
                Production Due Date: