Posted to dev@camel.apache.org by "Hadrian Zbarcea (JIRA)" <ji...@apache.org> on 2011/05/19 03:26:47 UTC

[jira] [Created] (CAMEL-3991) Bad href links generated for certain endpoint uris in camel-web

Bad href links generated for certain endpoint uris in camel-web
---------------------------------------------------------------

                 Key: CAMEL-3991
                 URL: https://issues.apache.org/jira/browse/CAMEL-3991
             Project: Camel
          Issue Type: Bug
          Components: camel-web
    Affects Versions: 2.7.1
            Reporter: Hadrian Zbarcea
            Assignee: Hadrian Zbarcea
             Fix For: 2.8.0


When new Endpoints are created via camel-web, some endpoint uris result in bad href links generated for the endpoint page.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Resolved] (CAMEL-3991) Bad href links generated for certain endpoint uris in camel-web

Posted by "Hadrian Zbarcea (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/CAMEL-3991?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Hadrian Zbarcea resolved CAMEL-3991.
------------------------------------

    Resolution: Fixed

> Bad href links generated for certain endpoint uris in camel-web
> ---------------------------------------------------------------
>
>                 Key: CAMEL-3991
>                 URL: https://issues.apache.org/jira/browse/CAMEL-3991
>             Project: Camel
>          Issue Type: Bug
>          Components: camel-web
>    Affects Versions: 2.7.1
>            Reporter: Hadrian Zbarcea
>            Assignee: Hadrian Zbarcea
>             Fix For: 2.7.2, 2.8.0
>
>
> When new Endpoints are created via camel-web, some endpoint uris result in bad href links generated for the endpoint page.

[jira] [Issue Comment Edited] (CAMEL-3991) Bad href links generated for certain endpoint uris in camel-web

Posted by "Hadrian Zbarcea (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/CAMEL-3991?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13035913#comment-13035913 ] 

Hadrian Zbarcea edited comment on CAMEL-3991 at 5/30/11 11:18 PM:
------------------------------------------------------------------

Fix applied in rev 1124497 for trunk and rev 1129431 for camel-2.7.2.

      was (Author: hadrian):
    Fix applied in rev 1124497 for trunk and rev 1129431 for camel-2.7.2).
  
[jira] [Updated] (CAMEL-3991) Bad href links generated for certain endpoint uris in camel-web

Posted by "Hadrian Zbarcea (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/CAMEL-3991?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Hadrian Zbarcea updated CAMEL-3991:
-----------------------------------

    Fix Version/s: 2.7.2

[jira] [Issue Comment Edited] (CAMEL-3991) Bad href links generated for certain endpoint uris in camel-web

Posted by "Hadrian Zbarcea (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/CAMEL-3991?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13035913#comment-13035913 ] 

Hadrian Zbarcea edited comment on CAMEL-3991 at 5/30/11 11:18 PM:
------------------------------------------------------------------

Fix applied in rev 1124497 for trunk and rev 1129431 for camel-2.7.2).

      was (Author: hadrian):
    Fix applied in rev 1124497.
  
[jira] [Commented] (CAMEL-3991) Bad href links generated for certain endpoint uris in camel-web

Posted by "Hadrian Zbarcea (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/CAMEL-3991?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13035913#comment-13035913 ] 

Hadrian Zbarcea commented on CAMEL-3991:
----------------------------------------

Fix applied in rev 1124497.

[jira] [Commented] (CAMEL-3991) Bad href links generated for certain endpoint uris in camel-web

Posted by "Hadrian Zbarcea (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/CAMEL-3991?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13044165#comment-13044165 ] 

Hadrian Zbarcea commented on CAMEL-3991:
----------------------------------------

This issue is a potential XSS vulnerability discovered by Sow Ching Shiong and reported by Secunia (secunia.com). Please find below the original report:

{quote}
We have received a vulnerability report from a third-party researcher (Sow
Ching Shiong) regarding a cross-site scripting vulnerability in Apache Camel
and contact you on his behalf to attempt a coordinated disclosure.

Please see the vulnerability details below.

We have confirmed the vulnerability in version 2.7.0.

We have reserved Secunia Advisory SA44415 and set a preliminary release date
of 25th May, 2011 for the publication of our advisory. We are, of course,
prepared to postpone this date in case you need more time to address the
vulnerability, as long as you keep us updated on the status.

Also, don't hesitate to contact us in case you have any comments or
questions.

Details:

Input passed via the URL to "camel/endpoints/<endpoint>" is not properly
sanitised before being returned to the user. This can be exploited to
execute arbitrary HTML and script code in a user's browser session in
context of an affected site.


PoC from the reporter:

==
http://localhost:8161/camel/endpoints/mock:someName<iframe
src="javascript:alert('Stored XSS')"

For Stored XSS, please visit
http://localhost:8161/camel/endpoints again to trigger it.
{quote}

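The flaw class described in the report above, as an added example (not code from Apache Camel and not the change committed in rev 1124497): a stored endpoint URI rendered into a link without encoding, beside a version that percent-encodes it for the href and HTML-escapes it for display. The class name, the BASE constant and the sample URI are assumptions made for illustration.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

public class EndpointLinkDemo {
    // Hypothetical base path, modelled on the "camel/endpoints/<endpoint>" URL in the report.
    static final String BASE = "/camel/endpoints/";

    // Unsafe rendering: the stored endpoint URI is concatenated into the attribute and the text.
    static String unsafeLink(String endpointUri) {
        return "<a href=\"" + BASE + endpointUri + "\">" + endpointUri + "</a>";
    }

    // HTML-escape for element text and double-quoted attribute values.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Percent-encode the URI as one path segment (URLEncoder targets form data, so fix '+').
    static String encodePathSegment(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8).replace("+", "%20");
    }

    // Safe rendering: encode for the URL context first, then escape for the HTML context.
    static String safeLink(String endpointUri) {
        String href = escapeHtml(BASE + encodePathSegment(endpointUri));
        return "<a href=\"" + href + "\">" + escapeHtml(endpointUri) + "</a>";
    }

    public static void main(String[] args) {
        // Constructed sample input: an endpoint URI carrying markup characters.
        String uri = "mock:someName\"><b>injected</b>";
        System.out.println("unsafe: " + unsafeLink(uri));
        System.out.println("safe:   " + safeLink(uri));
        if (safeLink(uri).contains("<b>")) throw new AssertionError("markup survived encoding");
    }
}
```

Because the endpoint name is stored and rendered again on the endpoints listing, the encoding has to be applied wherever the value is written into a page, not only on the request that created it.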