Ext JS arbitrary file read - Vulnerability Database

Ext JS arbitrary file read

Description

Ext JS is a JavaScript framework for building interactive web applications. A vulnerability exists in the example files distributed with Ext JS that allows remote attackers to exploit Server-Side Request Forgery (SSRF) and path traversal weaknesses. This vulnerability enables unauthorized users to force the server to make arbitrary HTTP requests and potentially read sensitive files from the server's filesystem when the example directory remains publicly accessible.

Remediation

Immediately remove or restrict access to the Ext JS examples directory from production environments. Follow these steps to remediate:

1. Remove the examples directory entirely if it is not required for production use. This is the most secure option.

2. If the examples must remain accessible, implement strict access controls using web server configuration:

For Apache 2.4, add the following to your virtual host configuration (in a .htaccess file placed in the examples directory, use only the Require lines: the <Directory> wrapper is not permitted there):

<Directory "/path/to/extjs/examples">
    # Multiple Require lines are OR'd (RequireAny is the default), so any
    # listed client address is allowed and everything else is denied.
    Require ip 127.0.0.1
    Require ip YOUR_INTERNAL_IP_RANGE
</Directory>

For Nginx, add to your server configuration:

location /extjs/examples/ {
    # allow/deny rules are evaluated in order; the first match wins,
    # so the trailing deny only applies to clients not listed above.
    allow 127.0.0.1;
    allow YOUR_INTERNAL_IP_RANGE;
    deny all;
}

3. Verify the configuration by attempting to access the examples directory from an unauthorized IP address to ensure access is properly restricted.

4. Audit your deployment to ensure no other example or test code is accessible in production environments.
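To support steps 3 and 4, the following added example (not part of the Invicti entry or of Ext JS) scans combined-format access logs for requests that reach the examples directory, flags traversal sequences and URL-valued parameters matching the weakness classes described above, and reports any request that still received a 2xx response. The /extjs/examples/ prefix, the endpoint names and the log lines are constructed for illustration.

```python
"""Audit access logs for requests reaching an Ext JS examples directory."""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Apache/Nginx combined log format: client, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) \S+'
)
EXAMPLES_PREFIX = "/extjs/examples/"      # assumption: where the framework is deployed
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")   # "../" or "..\" after decoding

# Constructed sample log; endpoint names are illustrative, not real Ext JS files.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /extjs/examples/ HTTP/1.1" 200 512
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /extjs/examples/feed?url=http://internal.example/ HTTP/1.1" 403 199
203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "GET /extjs/examples/files?path=..%2F..%2F..%2Fetc%2Fhosts HTTP/1.1" 200 870
198.51.100.2 - - [01/Jan/2024:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 2048
"""


def classify(line):
    """Return (ip, status, reasons) for a request under the examples prefix, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Decode twice so double-encoded sequences (%252e%252e) are normalised as well.
    target = unquote(unquote(m["target"]))
    parts = urlsplit(target)
    if not parts.path.startswith(EXAMPLES_PREFIX):
        return None
    reasons = ["examples-dir-access"]
    if TRAVERSAL_RE.search(parts.path) or TRAVERSAL_RE.search(parts.query):
        reasons.append("path-traversal")
    # A parameter carrying a full URL is the shape an SSRF attempt takes.
    if any(v.lower().startswith(("http://", "https://", "//"))
           for _, v in parse_qsl(parts.query, keep_blank_values=True)):
        reasons.append("ssrf-url-parameter")
    return m["ip"], int(m["status"]), reasons


def scan(lines):
    """All requests that reached the examples directory."""
    return [hit for hit in map(classify, lines) if hit]


def exposed(hits):
    """Hits answered with 2xx: after remediation these mean the access control failed."""
    return [h for h in hits if 200 <= h[1] < 300]


if __name__ == "__main__":
    for ip, status, reasons in scan(SAMPLE_LOG.splitlines()):
        print(ip, status, ",".join(reasons))
```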
