Arbitrary File Read Exploit Hotfix

Uncategorized

This hotfix removes an arbitrary file read exploit that allows an attacker to read the content of any file on the server hosting the DAS. The exploit attacks the administration console with a specific string, bypassing secure administration and any required login details. Therefore, if the administration console is not publicly accessible, and Payara Server is running under a restricted user (as per best practice), then the risk is minimised.


Download Payara Server 161, which includes the fix.


################### WARNING ####################

For the hotfix to take effect, you will need to stop and start your DAS.

It is not necessary to restart your other instances, though specific setups may find it beneficial to do so.

################################################

This fix applies to all versions of Payara Server prior to version 4.1.1.161.


To apply the hotfix:

  • Shut down the DAS: asadmin stop-domain $DOMAIN_NAME
  • Create a backup of your Payara Server install and configuration
  • Delete the following file: $PAYARA_HOME/glassfish/lib/install/applications/__admingui/WEB-INF/extra/webui-jsf-4.0.2.10.jar
  • Download the following artefact: https://s3-eu-west-1.amazonaws.com/payara-patches/com/sun/woodstock/webui-jsf/4.0.2.10.payara-p2/webui-jsf-4.0.2.10.payara-p2.jar
  • Copy the downloaded artefact (webui-jsf-4.0.2.10.payara-p2.jar) into the same directory as the deleted file: $PAYARA_HOME/glassfish/lib/install/applications/__admingui/WEB-INF/extra/
  • Rename the new jar file (webui-jsf-4.0.2.10.payara-p2.jar) to webui-jsf-4.0.2.10.jar (to match the deleted original).
  • Restart your DAS: asadmin start-domain $DOMAIN_NAME
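The file replacement steps above, scripted as a POSIX shell function. This is an added example, not a Payara-supplied tool: it assumes the DAS has already been stopped with asadmin, that the patched jar has already been downloaded to a local path, and that the install root is passed as the first argument. The function name apply_admingui_hotfix is hypothetical. It differs from the manual steps in one respect: rather than deleting the original jar outright, it keeps a timestamped backup next to it so the change can be reverted.

```shell
#!/bin/sh
# Added example (not Payara's own tooling). Applies the __admingui hotfix
# to a Payara Server install rooted at $1, using a copy of
# webui-jsf-4.0.2.10.payara-p2.jar that has already been downloaded to $2.
# Stop the DAS first (asadmin stop-domain) and start it again afterwards.
# Exit codes: 0 success, 1 original jar not found (wrong PAYARA_HOME or a
# version that does not ship it), 2 patch jar unreadable, 3 copy/remove failed.
apply_admingui_hotfix() {
    payara_home="$1"
    patch_jar="$2"
    extra_dir="$payara_home/glassfish/lib/install/applications/__admingui/WEB-INF/extra"
    target="$extra_dir/webui-jsf-4.0.2.10.jar"

    [ -f "$target" ] || { echo "original jar not found: $target" >&2; return 1; }
    [ -r "$patch_jar" ] || { echo "patch jar not readable: $patch_jar" >&2; return 2; }

    # Keep a timestamped copy of the original instead of deleting it, so the
    # change can be reverted if the console misbehaves after the restart.
    backup="$target.pre-hotfix.$(date +%Y%m%d%H%M%S)"
    cp -p "$target" "$backup" || return 3
    rm -f "$target" || return 3

    # Install the patched jar under the original file name so the admin
    # console's existing classpath entry still resolves.
    cp "$patch_jar" "$target" || return 3
    echo "installed $patch_jar as $target (backup at $backup)"
    return 0
}

# Confirms the hotfix is in place: the jar at the expected path is
# byte-for-byte identical to the downloaded patch artefact. Returns 0 if so.
admingui_hotfix_present() {
    payara_home="$1"
    patch_jar="$2"
    target="$payara_home/glassfish/lib/install/applications/__admingui/WEB-INF/extra/webui-jsf-4.0.2.10.jar"
    [ -f "$target" ] && cmp -s "$patch_jar" "$target"
}

# Usage: sh apply-hotfix.sh "$PAYARA_HOME" /path/to/webui-jsf-4.0.2.10.payara-p2.jar
if [ "$#" -eq 2 ]; then
    apply_admingui_hotfix "$1" "$2" && admingui_hotfix_present "$1" "$2"
fi
```

Run it against a backup copy first; because the patched jar is installed under the original name, admingui_hotfix_present is the only way to tell a patched install from an unpatched one by inspection, so keep the downloaded artefact around for later verification.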

