You are viewing a plain text version of this content. The canonical link for it is here.

Posted to rampart-dev@ws.apache.org by "Nandana Mihindukulasooriya (JIRA)" <ji...@apache.org> on 2008/05/27 07:13:59 UTC

[jira] Updated: (RAMPART-127) Possible Security Hole

     [ https://issues.apache.org/jira/browse/RAMPART-127?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nandana Mihindukulasooriya updated RAMPART-127:
-----------------------------------------------

    Fix Version/s: 1.4

Set Fix version to 1.4. 

> Possible Security Hole
> ----------------------
>
>                 Key: RAMPART-127
>                 URL: https://issues.apache.org/jira/browse/RAMPART-127
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-core
>    Affects Versions: 1.3
>            Reporter: Amila Chinthaka Suriarachchi
>            Priority: Critical
>             Fix For: 1.4
>
>
> Lets take this senario.
> There is a service which has an operational policy to sign the soap headers and has engaged security at the operational level. There is a soap action to this operation and in normal case users supposed to send a soap action. so at the service level operation is dispatched using the soap action and signature verification is done.
> Lets say an intruder send a soap message without signing and without a soapaction. then the operation is not dispatched before the security phase and hence security verification is not being done. So the message which does not have any security headers passes through.
> then this will dispatch with soapBodyBased dispatching and finally it hits the MR.
> So this is a security hole.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.