You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@jspwiki.apache.org by "Florian Holeczek (JIRA)" <ji...@apache.org> on 2011/09/11 01:37:09 UTC

[jira] [Closed] (JSPWIKI-46) Attachment servlet performs unsafe redirection

     [ https://issues.apache.org/jira/browse/JSPWIKI-46?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Florian Holeczek closed JSPWIKI-46.
-----------------------------------


> Attachment servlet performs unsafe redirection
> ----------------------------------------------
>
>                 Key: JSPWIKI-46
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-46
>             Project: JSPWiki
>          Issue Type: Bug
>          Components: Core & storage
>    Affects Versions: 2.4.104, 2.5.139-beta
>            Reporter: Janne Jalkanen
>            Assignee: Janne Jalkanen
>             Fix For: 2.6.0
>
>
> The attachment servlet performs a redirection based on data supplied by the end user without authorizing that this location is acceptable, leading to potential phishing attacks.  
> (From Ounce)

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira