
Publishing document with semicolon in filename causes auth prompt when viewing thumbnail/pvs

avillanueva
22-Sapphire I


Full disclosure: we are using a reverse proxy, and I did see an article, linked below, regarding this. I published a document where the primary content filename had a semicolon in it. When I attempted to view the details page, my authentication prompt was triggered and I saw this where the thumbnails should be. It was still able to launch Creo View, but even then the auth prompt was thrown again. Weird enough to post about. I can see in my system that I have only a dozen cases of this. Publishing actually creates more, since the Creo View files use the filename as their identity.

avillanueva_0-1677241326967.png

Found these in the knowledge base:

https://www.ptc.com/en/support/article/CS249568?source=search

https://www.ptc.com/en/support/article/CS314720?source=search

I know it's messing up the URL somehow. I will check the Apache logs to see, but it is easy enough to tell users not to do this. Still, it seems like a bug that should be handled. Actually, what concerns me more is the possibility of injection of an attack via the filename. Any white hats out there?

 

4 REPLIES

We had a similar problem a couple of weeks ago.

Just that morning I had been reading the support articles that I get on a daily basis.

Among those articles, one mentioned a problem opening PDF files due to a specific version of Acrobat Reader DC.

After an endless row of tests, we discovered that the problem this person had was confined to some PDFs, created as a result of scanning, that would not open by clicking directly on the thumbnail.

The problem did not occur if Windchill was configured in HTTP but only in HTTPS, so we thought it was due to some strange font generated by the scanning being mistranslated by the reverse proxy.

We solved the problem by opening the PDF file directly from the representations tab as per the attached image.

Marco_Tosin_0-1677242964163.png

Marco

Found an article on the web discussing a potential vulnerability:

https://superevr.com/blog/2011/three-semicolon-vulnerabilities

Says it's been patched but perhaps reopened.

Caught this in the background (PTC supplied) webserver in the access logs:

127.0.0.1 - - [24/Feb/2023:09:42:19 -0500] "GET /Windchill/servlet/WindchillGW/wt.fv.master.StandardMasterService/doDirectDownload/Report_-_Safety,_Reliabiltiy,_FMEA,_and_Derating;_8-7-2014_docx.jpg?folderId=1580573627&ft=FF&userid=6325&adId=1636797471&fileName=000000026a94a7&refsize=8190&mime=image/jpeg&mk=wt.fv.master.StandardMasterService&c=25&riid=-1&sT=1677249739&sign=mlsEEgwuLrLN9kZEcBxgMGKDV%2BI19WaUNuSCjQXllkY%3D&site<STOPPING HERE>

 

The proxy server translated that portion to this:

Report_-_Safety%2C_Reliabiltiy%2C_FMEA%2C_and_Derating%3B_8-7-2014_docx.jpg?folderId

I worked with tech support and my other server. We narrowed this down to the proxy server. We turned off publishing so that was not an issue. When I put the same files in my dev server which does not have a proxy, no issue. I am able to open the file just fine and no authentication issues.

With the proxy server, you cannot download it from the web or with Windchill Desktop Integration. We are still investigating, but if you do not have a proxy, no issues.
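A log check for the cases discussed in this thread, as an added example that is not part of any post: it scans access-log lines for download requests whose final path segment carries a semicolon, raw or as `%3B`, and groups them by decoded filename so backend and proxy logs can be compared. The sample lines, status codes and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample in Apache common log format. The filenames, query values,
# sizes and status codes are hypothetical, not taken from a real system.
BASE = "/Windchill/servlet/WindchillGW/wt.fv.master.StandardMasterService/doDirectDownload/"
STAMP = "127.0.0.1 - - [24/Feb/2023:09:42:19 -0500]"
SAMPLE_LOG = "\n".join([
    f'{STAMP} "GET {BASE}Report,_FMEA;_2014_docx.jpg?sign=EXAMPLE HTTP/1.1" 200 8190',
    f'{STAMP} "GET {BASE}Report%2C_FMEA%3B_2014_docx.jpg?sign=EXAMPLE HTTP/1.1" 401 381',
    f'{STAMP} "GET {BASE}plain_docx.jpg?sign=EXAMPLE HTTP/1.1" 200 4096',
    f'{STAMP} "GET {BASE}other_docx.jpg?note=a;b HTTP/1.1" 200 4096',
])

# Request target and status code from the quoted request line.
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')

def semicolon_form(target):
    """Return (form, decoded_filename) if the last path segment has a semicolon."""
    # urlsplit keeps ';' inside the path, so a semicolon in the query is ignored.
    segment = urlsplit(target).path.rsplit("/", 1)[-1]
    if ";" in segment:
        form = "raw"
    elif "%3b" in segment.lower():
        form = "encoded"
    else:
        return None
    return form, unquote(segment)

def scan(log_text):
    """List (status, form, filename) for every request with a semicolon filename."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        found = semicolon_form(match.group(1)) if match else None
        if found:
            hits.append((match.group(2), found[0], found[1]))
    return hits

def forms_by_file(hits):
    """Map each decoded filename to the set of forms it was requested in."""
    grouped = {}
    for _status, form, name in hits:
        grouped.setdefault(name, set()).add(form)
    return grouped

if __name__ == "__main__":
    for status, form, name in scan(SAMPLE_LOG):
        print(status, form, name)
```
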
