Posted to issues@geode.apache.org by "Jared Stewart (JIRA)" <ji...@apache.org> on 2016/10/12 22:55:20 UTC

[jira] [Resolved] (GEODE-1532) Pulse is vulnerable to clickjacking

     [ https://issues.apache.org/jira/browse/GEODE-1532?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jared Stewart resolved GEODE-1532.
----------------------------------
    Resolution: Fixed

> Pulse is vulnerable to clickjacking
> -----------------------------------
>
>                 Key: GEODE-1532
>                 URL: https://issues.apache.org/jira/browse/GEODE-1532
>             Project: Geode
>          Issue Type: Bug
>          Components: pulse
>            Reporter: Swapnil Bawaskar
>            Assignee: Jared Stewart
>             Fix For: 1.1.0-incubating
>
>
> The Pulse application is vulnerable to clickjacking. An attacker could frame in the web application and hijack a click, tricking a client into making an unintentional transaction. Attackers exploit this vulnerability by loading target pages in IFRAMEs but keeping them hidden, and then orienting the frame so that a user click on the embedding page is routed to a UI control on the embedded page. The attack will be hidden from the user and perpetrated without the user’s knowledge.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
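
An added example, not part of the original JIRA message or of Geode's code: a defender-side audit that checks whether a response carries the headers that stop a page from being framed as the issue describes (X-Frame-Options, or CSP frame-ancestors). The function name and the sample headers are constructed for illustration; the message does not say how Pulse was fixed.

```python
# Added example: audit HTTP response headers for anti-framing protection.
WEAK_SOURCES = {"*", "http:", "https:"}  # frame-ancestors sources that admit any site

def framing_protection(headers):
    """Return (protected, notes) for a list of (name, value) response headers."""
    protected, notes, xfo = False, [], set()
    for name, value in headers:
        name = name.strip().lower()
        if name == "x-frame-options":
            # Repeated headers and comma-separated values are merged into one set.
            xfo.update(v.strip().upper() for v in value.split(",") if v.strip())
        elif name == "content-security-policy-report-only":
            notes.append("report-only CSP is not enforced")
        elif name == "content-security-policy":
            for directive in value.split(";"):
                tokens = directive.split()
                # frame-ancestors does not fall back to default-src.
                if not tokens or tokens[0].lower() != "frame-ancestors":
                    continue
                sources = [t.lower() for t in tokens[1:]]
                if sources and not WEAK_SOURCES.intersection(sources):
                    protected = True
                    notes.append("frame-ancestors restricts framing to: " + " ".join(sources))
                else:
                    notes.append("frame-ancestors is empty or admits any origin")
    if len(xfo) == 1 and xfo <= {"DENY", "SAMEORIGIN"}:
        protected = True
        notes.append("X-Frame-Options: " + next(iter(xfo)))
    elif len(xfo) > 1:
        # Reported as a misconfiguration to clean up, whatever a browser does with it.
        notes.append("conflicting X-Frame-Options values: " + ", ".join(sorted(xfo)))
    elif xfo:
        # For example ALLOW-FROM, which current browsers ignore.
        notes.append("unsupported X-Frame-Options value: " + next(iter(xfo)))
    if not notes:
        notes.append("no X-Frame-Options or CSP frame-ancestors header")
    return protected, notes

# Constructed sample responses (not captured from Pulse).
SAMPLES = {
    "unprotected": [("Content-Type", "text/html")],
    "xfo": [("X-Frame-Options", "SAMEORIGIN")],
    "obsolete xfo": [("X-Frame-Options", "ALLOW-FROM https://example.test")],
    "csp": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'self'")],
    "csp wildcard": [("Content-Security-Policy", "frame-ancestors *")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, framing_protection(hdrs))
```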