Posted to issues@tiles.apache.org by "Antonio Petrelli (JIRA)" <ji...@apache.org> on 2009/01/14 18:07:45 UTC

[jira] Created: (TILES-351) EL expressions in JSP using some Tiles JSP tags are evaluated twice

 EL expressions in JSP using some Tiles JSP tags are evaluated twice
--------------------------------------------------------------------

                 Key: TILES-351
                 URL: https://issues.apache.org/struts/browse/TILES-351
             Project: Tiles
          Issue Type: Bug
          Components: tiles-api, tiles-core, tiles-jsp (jsp support)
    Affects Versions: 2.1.1, 2.1.0
         Environment: EL support enabled
            Reporter: Antonio Petrelli
            Priority: Critical
             Fix For: 2.1.2


Tiles 2.1.x allows, with the correct configuration, the use of EL expressions in Tiles configuration files.

The problem is that, if attribute values or templates are defined using some JSP tags (tiles:putAttribute, tiles:insertTemplate), the EL expression is evaluated twice: once by the container, once by the ELAttributeEvaluator class.

Now, if at the first evaluation the EL expression is connected to user-entered content, it could be maliciously exploited to access the server context.

Therefore, there could be an unwanted exposure of server data or XSS attacks.


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

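Added example, not Tiles code and not the reporter's: a toy Java model of the two-stage evaluation the report describes, with the reported flow beside a corrected one. Every name in it (evaluateOnce, vulnerableFlow, fixedFlow, secondStage, the Attribute class and its alreadyEvaluated flag) and the sample scope values are assumptions made for illustration; they do not reproduce the actual Tiles 2.1.2 fix or the ELAttributeEvaluator API.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * Toy model of the double-evaluation pattern described in TILES-351.
 * Assumption: this is NOT Tiles code. evaluateOnce() stands in for the
 * container's EL evaluation, and the two "flow" methods stand in for the
 * reported and the corrected handling of a tag attribute such as
 * <tiles:putAttribute value="${param.title}"/>.
 */
public class DoubleEvaluationDemo {

    /** Only simple dotted names are resolved; that is enough to show the problem. */
    private static final Pattern EL = Pattern.compile("\\$\\{([A-Za-z0-9_.]+)\\}");

    /** One EL evaluation pass: every ${name} is replaced by scope.get(name), or "" if unknown. */
    static String evaluateOnce(String text, Map<String, String> scope) {
        Matcher m = EL.matcher(text);
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            String resolved = scope.getOrDefault(m.group(1), "");
            m.appendReplacement(out, Matcher.quoteReplacement(resolved));
        }
        m.appendTail(out);
        return out.toString();
    }

    /** Reported behaviour: the container evaluates the tag attribute, then the result is evaluated again. */
    static String vulnerableFlow(String tagAttribute, Map<String, String> scope) {
        String afterContainer = evaluateOnce(tagAttribute, scope);
        return evaluateOnce(afterContainer, scope);
    }

    /**
     * Hypothetical corrected model: the attribute records whether its value already
     * went through the container, and the second stage treats such a value as a literal.
     */
    static final class Attribute {
        final String value;
        final boolean alreadyEvaluated;

        Attribute(String value, boolean alreadyEvaluated) {
            this.value = value;
            this.alreadyEvaluated = alreadyEvaluated;
        }
    }

    /** Second stage (stand-in for the attribute evaluator): evaluate only values that never were. */
    static String secondStage(Attribute a, Map<String, String> scope) {
        return a.alreadyEvaluated ? a.value : evaluateOnce(a.value, scope);
    }

    /** Corrected flow for a value coming from a JSP tag: evaluated once by the container, then passed through. */
    static String fixedFlow(String tagAttribute, Map<String, String> scope) {
        Attribute fromJsp = new Attribute(evaluateOnce(tagAttribute, scope), true);
        return secondStage(fromJsp, scope);
    }

    public static void main(String[] args) {
        Map<String, String> scope = new HashMap<>();
        // Constructed sample data: a request parameter whose text happens to look like an
        // expression, and a server-side value that page authors never intended to expose.
        scope.put("param.title", "${applicationScope.internalNote}");
        scope.put("applicationScope.internalNote", "server-only value");

        String tagAttribute = "${param.title}";
        System.out.println("reported flow:  " + vulnerableFlow(tagAttribute, scope));
        System.out.println("corrected flow: " + fixedFlow(tagAttribute, scope));

        // A value read from a definitions file never passed through the container,
        // so the second stage still evaluates it exactly once.
        Attribute fromDefinition = new Attribute("${applicationScope.internalNote}", false);
        System.out.println("definition:     " + secondStage(fromDefinition, scope));
    }
}
```

The design point is that the second stage must not decide what to evaluate by looking at the string itself, since user-entered text can contain `${`; it has to know where the value came from. In this model the JSP-tag path marks its value as already evaluated and the definitions-file path does not, so each value is evaluated once regardless of its content.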

[jira] Closed: (TILES-351) EL expressions in JSP using some Tiles JSP tags are evaluated twice

Posted by "Antonio Petrelli (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/struts/browse/TILES-351?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Antonio Petrelli closed TILES-351.
----------------------------------

    Resolution: Fixed

Security bug resolved.

>  EL expressions in JSP using some Tiles JSP tags are evaluated twice
> --------------------------------------------------------------------
>
>                 Key: TILES-351
>                 URL: https://issues.apache.org/struts/browse/TILES-351
>             Project: Tiles
>          Issue Type: Bug
>          Components: tiles-api, tiles-core, tiles-jsp (jsp support)
>    Affects Versions: 2.1.0, 2.1.1
>         Environment: EL support enabled
>            Reporter: Antonio Petrelli
>            Assignee: Antonio Petrelli
>            Priority: Critical
>             Fix For: 2.1.2
>
>
> Tiles 2.1.x allows, with the correct configuration, the use of EL expressions in Tiles configuration files.
>
> The problem is that, if attribute values or templates are defined using some JSP tags (tiles:putAttribute, tiles:insertTemplate), the EL expression is evaluated twice: once by the container, once by the ELAttributeEvaluator class.
>
> Now, if at the first evaluation the EL expression is connected to user-entered content, it could be maliciously exploited to access the server context.
> Therefore, there could be an unwanted exposure of server data or XSS attacks.



[jira] Assigned: (TILES-351) EL expressions in JSP using some Tiles JSP tags are evaluated twice

Posted by "Antonio Petrelli (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/struts/browse/TILES-351?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Antonio Petrelli reassigned TILES-351:
--------------------------------------

    Assignee: Antonio Petrelli

>  EL expressions in JSP using some Tiles JSP tags are evaluated twice
> --------------------------------------------------------------------
>
>                 Key: TILES-351
>                 URL: https://issues.apache.org/struts/browse/TILES-351
>             Project: Tiles
>          Issue Type: Bug
>          Components: tiles-api, tiles-core, tiles-jsp (jsp support)
>    Affects Versions: 2.1.0, 2.1.1
>         Environment: EL support enabled
>            Reporter: Antonio Petrelli
>            Assignee: Antonio Petrelli
>            Priority: Critical
>             Fix For: 2.1.2
>
>
> Tiles 2.1.x allows, with the correct configuration, the use of EL expressions in Tiles configuration files.
>
> The problem is that, if attribute values or templates are defined using some JSP tags (tiles:putAttribute, tiles:insertTemplate), the EL expression is evaluated twice: once by the container, once by the ELAttributeEvaluator class.
>
> Now, if at the first evaluation the EL expression is connected to user-entered content, it could be maliciously exploited to access the server context.
> Therefore, there could be an unwanted exposure of server data or XSS attacks.
