Details
- Type: Bug
- Status: Closed
- Priority: Critical
- Resolution: Fixed
- Affects Version/s: EE-1.8.2.GA_P03
- Fix Version/s: EE-1.8.2.GA_P04
- Component/s: Framework
- Labels: None
- Environment: All
Description
A customer has run security/vulnerability tests and found that there were some potential security issues with the CSS resource path.
Attack Request:
GET /<ContextPath>/xmlhttp/css/%3csCrIpT%3ealert(73888)%3c%2fsCrIpT%3e HTTP/1.1
Referer: http:// <servername:port>....TRUNCATED...

Attack Response:
HTTP/1.1 404 Not Found
ETag: be339490
Cache-Control: private
Cache-Control: max-age=2629743
Last-Modified: Thu, 23 Jun 2011 16:39:20 GMT
Content-Type: text/plain; charset=UTF-8
Content-Language: en-US
Connection: Close
Date: Thu, 23 Jun 2011 22:39:23 GMT
Server: WebSphere Application Server/6.1
Content-Length: 75

Cannot find CSS file for /<ContextPath>/xmlhttp/css/
Activity
- Subversion
Repository | Revision | Date | User | Message |
ICEsoft Public SVN Repository | #36621 | Wed Jul 10 10:01:23 MDT 2013 | arran.mccullough | |
Files Changed
MODIFY /icefaces/scratchpads/patches/ICEfaces-1.8.2-MPFSA-Build/icefaces/core/src/com/icesoft/faces/webapp/http/core/FileServer.java
MODIFY /icefaces/scratchpads/patches/ICEfaces-1.8.2-MPFSA-Build/icefaces/core/src/com/icesoft/faces/webapp/http/core/ServeCSSResource.java
MODIFY /icefaces/scratchpads/patches/ICEfaces-1.8.2-MPFSA-Build/icefaces/core/src/com/icesoft/faces/webapp/http/core/ServeJSCode.java
MODIFY /icefaces/scratchpads/patches/ICEfaces-1.8.2-MPFSA-Build/icefaces/core/src/com/icesoft/faces/webapp/http/common/standard/PathDispatcherServer.java

Repository | Revision | Date | User | Message |
ICEsoft Public SVN Repository | #24943 | Mon Jul 04 07:33:37 MDT 2011 | mircea.toma | |
Files Changed
MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/webapp/http/core/FileServer.java
MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/webapp/http/common/standard/PathDispatcherServer.java
MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/webapp/http/core/ServeJSCode.java

Repository | Revision | Date | User | Message |
ICEsoft Public SVN Repository | #24942 | Mon Jul 04 07:31:09 MDT 2011 | mircea.toma | |
Files Changed
MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/webapp/http/core/ServeCSSResource.java