Community Tip - When posting, your subject should be specific and summarize your question. Here are some additional tips on asking a great question. X
Full disclosure. We are using reverse proxy and I did see and article linked below regarding this. I published a document where the primary content filename had a semicolon in the filename. When I attempted to view the details page, my authentication prompt was triggered and I saw this where the thumbnails should be. It still was able to launch Creo View but even then, auth prompt was thrown again. Weird enough to post about. I can see in my system that I have only a dozen cases of this. Publishing actually creates more since the Creo view files use the filename as its identity.
Found these in the knowledge base:
https://www.ptc.com/en/support/article/CS249568?source=search
https://www.ptc.com/en/support/article/CS314720?source=search
I know its messing up the URL somehow. I will check Apache logs to see but easy enough to tell users to not do this. Still seems like a bug that should be handled. Actually, what concerns me more is the possibility for injection of attack via the filename. Any white hats out there?
We had a similar problem a couple of weeks ago.
Just that morning I had been reading the support articles that I get on a daily basis.
Among those articles, one mentioned a problem opening PDF files due to a specific version of Acrobat Reader DC.
After an endless row of tests, we discovered that the problem this person had was confined to some PDFs, created as a result of scanning, that would not open by clicking directly on the thumbnail.
The problem did not occur if Windchill was configured in Http but only in Https, so we thought it was due to some strange font generated by the scanning being mistranslated by the reverse proxy
We solved the problem by opening the PDF file directly from the representations tab as per the attached image.
Found article on web discussing potential vulnerability
https://superevr.com/blog/2011/three-semicolon-vulnerabilities
Says its been patched but perhaps reopened.
Caught this in the background (PTC supplied) webserver in the access logs:
127.0.0.1 - - [24/Feb/2023:09:42:19 -0500] "GET /Windchill/servlet/WindchillGW/wt.fv.master.StandardMasterService/doDirectDownload/Report_-_Safety,_Reliabiltiy,_FMEA,_and_Derating;_8-7-2014_docx.jpg?folderId=1580573627&ft=FF&userid=6325&adId=1636797471&fileName=000000026a94a7&refsize=8190&mime=image/jpeg&mk=wt.fv.master.StandardMasterService&c=25&riid=-1&sT=1677249739&sign=mlsEEgwuLrLN9kZEcBxgMGKDV%2BI19WaUNuSCjQXllkY%3D&site<STOPPING HERE>
The Proxy server translated that portion to this:
Report_-_Safety%2C_Reliabiltiy%2C_FMEA%2C_and_Derating%3B_8-7-2014_docx.jpg?folderId
I worked with tech support and my other server. We narrowed this down to the proxy server. We turned off publishing so that was not an issue. When I put the same files in my dev server which does not have a proxy, no issue. I am able to open the file just fine and no authentication issues.
With the proxy server, you cannot download it from web or with Windchill desktop Integration. We are still investigating but if you do not have a proxy, no issues.