You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@openmeetings.apache.org by "Maxim Solodovnik (JIRA)" <ji...@apache.org> on 2014/05/14 05:33:20 UTC

[jira] [Resolved] (OPENMEETINGS-947) Cross-Site Request Forgery

     [ https://issues.apache.org/jira/browse/OPENMEETINGS-947?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Maxim Solodovnik resolved OPENMEETINGS-947.
-------------------------------------------

    Resolution: Invalid
      Assignee: Maxim Solodovnik

It seem like this issue was filed to the wrong project

> Cross-Site Request Forgery
> --------------------------
>
>                 Key: OPENMEETINGS-947
>                 URL: https://issues.apache.org/jira/browse/OPENMEETINGS-947
>             Project: Openmeetings
>          Issue Type: Test
>         Environment: Windows 8
>            Reporter: Kriti Gupta
>            Assignee: Maxim Solodovnik
>            Priority: Critical
>              Labels: security
>
> A cross-site request forgery (CSRF) vulnerability occurs when:
> 1. A Web application uses session cookies.
> 2. The application acts on an HTTP request without verifying that the request was made with the user's consent.
> In this case the application generates HTTP request via a form post at Check.jsp line 16.



--
This message was sent by Atlassian JIRA
(v6.2#6252)