Article - CS256080
Potential undesired access to sensitive information by authenticated users in Windchill PDMLink
Modified: 14-Dec-2021
Applies To
- FlexPLM 11.0 F000 to M010
- Windchill PDMLink 11.0 to M030
Description
- Potential undesired access to sensitive information by authenticated users in Windchill PDMLink
- Authenticated users in Windchill PDMLink may be able to access potentially sensitive content under \Windchill\WEB-INF
- The contents of <Windchill>\codebase\WEB-INF are not required by any web clients for the normal operation of Windchill
- This directory contains information that some customers may consider sensitive
- The default Apache configuration is expected to deny access to that directory and its contents from all web clients
- Due to a regression in the default configuration of Apache in Windchill, the contents of that directory may be accessible from web clients
- Access would be restricted to authenticated users
- To determine if this directory is open, access the following URL:
- http://<yourhostname>/Windchill/WEB-INF/webapp.properties
- If the file is displayed after authentication, then the directory is currently open
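
The check above can be scripted so that a 200 response only counts as open when the body really is a properties file, not a login form or error page. This is an added example, not PTC code; it assumes the server accepts HTTP Basic authentication, and the function names and result labels are illustrative.

```python
import base64
import re
import urllib.error
import urllib.request

# Path taken from the article; host and credentials are supplied by the caller.
PROBE_PATH = "/Windchill/WEB-INF/webapp.properties"
# A Java .properties line: key, optional whitespace, then '=' or ':'.
PROP_LINE = re.compile(r"^\s*[\w.\-]+\s*[=:]")


def looks_like_properties(body: str) -> bool:
    """True when at least 80% of non-blank, non-comment lines are key/value pairs."""
    lines = [l for l in body.splitlines()
             if l.strip() and not l.lstrip().startswith(("#", "!"))]
    if not lines:
        return False
    hits = sum(1 for l in lines if PROP_LINE.match(l))
    return hits / len(lines) >= 0.8


def classify(status: int, body: str) -> str:
    """Map one HTTP response to a finding for the WEB-INF check."""
    if status == 200:
        # A 200 can also be a login form or custom error page, so inspect the body.
        return "OPEN" if looks_like_properties(body) else "INCONCLUSIVE"
    if status in (403, 404):
        return "DENIED"          # file is not served to web clients
    if status == 401:
        return "AUTH_FAILED"     # credentials rejected; result says nothing yet
    return "INCONCLUSIVE"


def check_host(base_url: str, user: str, password: str, timeout: float = 10.0) -> str:
    """Request the probe file with Basic credentials and classify the reply."""
    req = urllib.request.Request(base_url.rstrip("/") + PROBE_PATH)
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status, resp.read(65536).decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        return classify(err.code, "")


if __name__ == "__main__":
    # Constructed sample body, classified offline; no request is made here.
    print(classify(200, "# constructed sample\nexample.key=value\nother.key = 1\n"))
```

An `INCONCLUSIVE` result usually means the site uses form-based or single sign-on login rather than Basic authentication; in that case perform the check in a browser session as the article describes.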