Posted to dev@myfaces.apache.org by "Adam Winer (JIRA)" <de...@myfaces.apache.org> on 2007/05/21 19:27:16 UTC

[jira] Commented: (TRINIDAD-24) JspUtils.getEncoding() blindly returns the results of the "enc" parameter, which could have been maliciously tampered with to include additional header values

    [ https://issues.apache.org/jira/browse/TRINIDAD-24?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12497522 ] 

Adam Winer commented on TRINIDAD-24:
------------------------------------

Fixed.  Having problems with JIRA, so can't update the status.

> JspUtils.getEncoding() blindly returns the results of the "enc" parameter, which could have been maliciously tampered with to include additional header values
> --------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: TRINIDAD-24
>                 URL: https://issues.apache.org/jira/browse/TRINIDAD-24
>             Project: MyFaces Trinidad
>          Issue Type: Bug
>    Affects Versions: 2.0.0-incubating-core-SNAPSHOT, 1.0.1-incubating-core-SNAPSHOT
>         Environment: Generic Issue
>            Reporter: Blake Sullivan
>             Fix For: 1.0.1-incubating-core-SNAPSHOT
>
>         Attachments: HeaderSplitting.patch
>
>
> JspUtils.getEncoding() blindly returns the results of the "enc" parameter, which could have been maliciously tampered with to include additional header values.  If this value is then used to set the contentType on the ServletResponse and the Servlet Engine performs no validation, attackers can use this behavior as part of a header splitting attack.  Note that Trinidad's current use of this function does not have this issue, as the ResponseWriter attempts to retrieve a CharacterEncoder with the specified encoding and this fails.  The fix is to validate that the encoding in the RequestParameter at the very least contains no header delimiters.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
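The quoted report describes the vector in prose only: an "enc" request parameter returned verbatim, a container that copies it into the Content-Type header without validation, and a CRLF inside the value that turns one header into two. The following is an added illustration of that mechanism and of the check the reporter proposes; it is not code from Trinidad or from the attached HeaderSplitting.patch, which is not reproduced on this page. A java.util.Map stands in for the servlet request parameters, the method names (getEncodingUnchecked, getEncodingChecked, isSafeCharsetName, contentTypeHeader) are hypothetical, the charset-name grammar is a deliberately conservative assumption rather than the project's rule, and the injected Set-Cookie payload is constructed for the demonstration.

```java
import java.nio.charset.Charset;
import java.nio.charset.IllegalCharsetNameException;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Pattern;

public class EncodingParamCheck {

    // Vulnerable shape of the lookup described in TRINIDAD-24 (hypothetical
    // stand-in, not Trinidad's JspUtils): whatever arrives in "enc" is returned.
    static String getEncodingUnchecked(Map<String, String> params) {
        String enc = params.get("enc");
        return (enc == null || enc.isEmpty()) ? "UTF-8" : enc;
    }

    // Assumed conservative charset-name grammar: an IANA charset token never
    // contains whitespace, CR/LF, ';' or ':', which are exactly the characters a
    // header-splitting payload needs. (Java's own Charset rules also allow ':';
    // it is rejected here on purpose because ':' separates a header name from
    // its value.)
    private static final Pattern SAFE_NAME =
            Pattern.compile("[A-Za-z0-9][A-Za-z0-9._+-]{0,39}");

    // Hardened shape: refuse anything that could act as a header delimiter,
    // then require that the JVM actually knows the charset.
    static String getEncodingChecked(Map<String, String> params) {
        String enc = params.get("enc");
        if (enc == null || enc.isEmpty()) {
            return "UTF-8";
        }
        if (!isSafeCharsetName(enc)) {
            throw new IllegalArgumentException("rejecting tampered enc parameter");
        }
        return enc;
    }

    static boolean isSafeCharsetName(String enc) {
        if (!SAFE_NAME.matcher(enc).matches()) {
            return false;
        }
        try {
            return Charset.isSupported(enc);
        } catch (IllegalCharsetNameException e) {
            return false;
        }
    }

    // The header a container would emit if setContentType() took the value
    // verbatim and performed no validation of its own.
    static String contentTypeHeader(String enc) {
        return "Content-Type: text/html; charset=" + enc;
    }

    public static void main(String[] args) {
        Map<String, String> params = new HashMap<>();
        // Constructed payload: a real charset name, then CRLF and a second header.
        params.put("enc", "UTF-8\r\nSet-Cookie: JSESSIONID=attacker-chosen");

        String raw = getEncodingUnchecked(params);
        // Shown with CRLF made visible: the injected Set-Cookie becomes its own line.
        System.out.println("unchecked header:");
        System.out.println(contentTypeHeader(raw).replace("\r\n", "\\r\\n\n"));

        // Why the reporter says Trinidad's existing caller was not exploitable:
        // asking the JVM for an encoder with this name fails before any header
        // is written.
        try {
            Charset.forName(raw);
        } catch (IllegalCharsetNameException e) {
            System.out.println("Charset.forName threw " + e.getClass().getSimpleName());
        }

        // The proposed fix: the delimiter check rejects the same value up front.
        try {
            getEncodingChecked(params);
        } catch (IllegalArgumentException e) {
            System.out.println("checked: " + e.getMessage());
        }

        params.put("enc", "ISO-8859-1");
        System.out.println("checked, benign value: " + getEncodingChecked(params));
    }
}
```

The two-stage check matters: a regex alone would accept a well-formed name the JVM cannot encode with, and Charset.isSupported alone throws rather than returning false on a name containing CR or LF, so a caller that only catches the latter still depends on container behaviour it does not control. Rejecting the delimiters first keeps the decision inside the application, which is the point of the reporter's proposed fix.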