IV82434: Upload of malicious or unauthorized file types


The TRIRIGA application allows the upload of malicious file types, such as scripts, malware, and Trojans. A malicious user can run commands on the server, using an uploaded shell which will have adverse impact. The TRIRIGAWEB.properties setting IMPORT_CONTENT_INCLUDE_EXTENSIONS is non-functional, allowing users to upload malicious files.

The TRIRIGAWEB property IMPORT_CONTENT_INCLUDE_EXTENSIONS was not being honored in the Document Manager. If INCLUDE rules are set in the TRIRIGAWEB.properties, they will now be honored.

Continue reading

One thought on “IV82434: Upload of malicious or unauthorized file types

  1. Pingback: Having an issue with restricting the upload of certain file types | TRIRIGAFEEDIA

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s