Details
-
Type: Bug
-
Status: Closed
-
Priority: Critical
-
Resolution: Fixed
-
Affects Version/s: EE-1.8.2.GA_P03
-
Fix Version/s: EE-1.8.2.GA_P04
-
Component/s: Framework
-
Labels: None
-
Environment:All
Description
A customer ran security/vulnerability tests and found potential security issues with the CSS resource path.
Attack Request: GET /<ContextPath>/xmlhttp/css/%3csCrIpT%3ealert(73888)%3c%2fsCrIpT%3e HTTP/1.1
Referer: http:// <servername:port>....TRUNCATED...
Attack Response: HTTP/1.1 404 Not Found
ETag: be339490
Cache-Control: private
Cache-Control: max-age=2629743
Last-Modified: Thu, 23 Jun 2011 16:39:20 GMT
Content-Type: text/plain; charset=UTF-8
Content-Language: en-US
Connection: Close
Date: Thu, 23 Jun 2011 22:39:23 GMT
Server: WebSphere Application Server/6.1
Content-Length: 75
Cannot find CSS file for /<ContextPath>/xmlhttp/css/
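The scanner request above is a reflected-XSS probe: the script tag is URL-encoded into the tail of the CSS resource path, and the scanner looks for it coming back in the response. Note that the 404 body quoted in this ticket echoes only the fixed prefix of the path, with `Content-Type: text/plain`, so the payload itself is not reflected there; the ticket does not record what the P04 fix changed. The following Python is an added example, not ICEfaces or ICEsoft code, showing how to triage such a finding: a hypothetical handler that echoes the decoded path into an HTML body (the pattern the scanner is hunting for), an HTML-escaped variant, a plain-text variant shaped like the response in the ticket, and a small classifier that tells the three apart. `CSS_PREFIX`, `PROBE_PATH`, the handler names and the sample responses are all constructed here from the request/response in the ticket; `<ContextPath>` is kept as the placeholder the ticket uses.

```python
import html
from urllib.parse import unquote

# Constructed from the scanner request quoted in the ticket (not captured traffic).
CSS_PREFIX = "/<ContextPath>/xmlhttp/css/"
XSS_PAYLOAD = "<sCrIpT>alert(73888)</sCrIpT>"
PROBE_PATH = CSS_PREFIX + "%3csCrIpT%3ealert(73888)%3c%2fsCrIpT%3e"

# Constructed to match the 404 shown in the ticket: plain text, prefix only.
TICKET_RESPONSE = (
    404,
    {"Content-Type": "text/plain; charset=UTF-8"},
    "Cannot find CSS file for " + CSS_PREFIX,
)


def css_not_found_unsafe(request_path):
    """Hypothetical vulnerable handler (not project code): decodes the
    request path and echoes it verbatim into an HTML error body, which is
    exactly what a reflected-XSS probe is looking for."""
    decoded = unquote(request_path)
    headers = {"Content-Type": "text/html; charset=UTF-8"}
    body = "<html><body>Cannot find CSS file for " + decoded + "</body></html>"
    return 404, headers, body


def css_not_found_html_escaped(request_path):
    """Hypothetical handler that still renders HTML but escapes the decoded
    path first; the payload survives only as &lt;...&gt; text."""
    decoded = unquote(request_path)
    headers = {"Content-Type": "text/html; charset=UTF-8"}
    body = ("<html><body>Cannot find CSS file for "
            + html.escape(decoded, quote=True) + "</body></html>")
    return 404, headers, body


def css_not_found_plain(request_path):
    """Hypothetical handler shaped like the ticket's response: plain text,
    nosniff so old browsers do not sniff it as HTML, and only the fixed
    prefix is echoed, never the attacker-controlled tail of the path."""
    headers = {
        "Content-Type": "text/plain; charset=UTF-8",
        "X-Content-Type-Options": "nosniff",
    }
    body = "Cannot find CSS file for " + CSS_PREFIX
    return 404, headers, body


def triage(response, payload=XSS_PAYLOAD):
    """Classify a (status, headers, body) tuple against a reflected-XSS probe.

    'reflected-unescaped-html'  payload verbatim in an HTML body: real finding
    'reflected-unescaped-plain' verbatim, but non-HTML Content-Type: browser
                                treats it as text (send nosniff to be sure)
    'reflected-escaped'         only the HTML-escaped form is present: safe
    'not-reflected'             payload absent: scanner false positive
    """
    _status, headers, body = response
    ctype = headers.get("Content-Type", "").lower()
    is_html = ctype.startswith("text/html")
    if payload in body:
        return "reflected-unescaped-html" if is_html else "reflected-unescaped-plain"
    if html.escape(payload, quote=True) in body:
        return "reflected-escaped"
    return "not-reflected"


if __name__ == "__main__":
    for name, handler in (("unsafe", css_not_found_unsafe),
                          ("escaped", css_not_found_html_escaped),
                          ("plain", css_not_found_plain)):
        print(name, "->", triage(handler(PROBE_PATH)))
    print("ticket response ->", triage(TICKET_RESPONSE))
```

Running `triage` over the response actually quoted in the ticket yields `not-reflected`, which is why such a 404 is a scanner hit worth checking rather than an exploitable reflection on its own; the unsafe handler is the shape that would turn the same probe into a genuine finding.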
Activity
Arran Mccullough created issue -

Ken Fyten made changes -

Field | Original Value | New Value
---|---|---
Salesforce Case | [] |
Fix Version/s | | EE-2.0.0.GA_P01 [ 10271 ]
Fix Version/s | | 2.1 [ 10241 ]
Fix Version/s | | EE-1.8.2.GA_P04 [ 10280 ]
Assignee Priority | | P1
Assignee | | Mircea Toma [ mircea.toma ]
Priority | Major [ 3 ] | Critical [ 2 ]

Mircea Toma made changes -

Field | Original Value | New Value
---|---|---
Status | Open [ 1 ] | Resolved [ 5 ]
Resolution | | Fixed [ 1 ]

Ken Fyten made changes -

Field | Original Value | New Value
---|---|---
Salesforce Case | [] |
Fix Version/s | 2.1 [ 10241 ] |
Fix Version/s | EE-2.0.0.GA_P01 [ 10271 ] |

Ken Fyten made changes -

Field | Original Value | New Value
---|---|---
Salesforce Case | [] |
Security | | Private [ 10001 ]

Ken Fyten made changes -

Field | Original Value | New Value
---|---|---
Status | Resolved [ 5 ] | Closed [ 6 ]
Assignee Priority | P1 |