Details
- Type: Bug
- Status: Closed
- Priority: Critical
- Resolution: Fixed
- Affects Version/s: EE-1.8.2.GA_P03
- Fix Version/s: EE-1.8.2.GA_P04
- Component/s: Framework
- Labels: None
- Environment: All
Description
A customer has run security/vulnerability tests and found that there were some potential security issues with the CSS resource path.
Attack Request: GET /<ContextPath>/xmlhttp/css/%3csCrIpT%3ealert(73888)%3c%2fsCrIpT%3e HTTP/1.1
Referer: http:// <servername:port>....TRUNCATED...
Attack Response: HTTP/1.1 404 Not Found
ETag: be339490
Cache-Control: private
Cache-Control: max-age=2629743
Last-Modified: Thu, 23 Jun 2011 16:39:20 GMT
Content-Type: text/plain; charset=UTF-8
Content-Language: en-US
Connection: Close
Date: Thu, 23 Jun 2011 22:39:23 GMT
Server: WebSphere Application Server/6.1
Content-Length: 75
Cannot find CSS file for /<ContextPath>/xmlhttp/css/