Details
- Bug
- Status: Resolved
- Critical
- Resolution: Fixed
- 2.6.2
- None
Description
Below is the HTTP request and response issued when a user submits a note containing JavaScript
after modifying some configuration in the "Tez" service.
HTTP Request:
PUT /api/v1/clusters/<env> HTTP/1.1
Host: xyz601:8080
Content-Length: 199
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://xyz601:8080
X-Requested-With: XMLHttpRequest
X-Requested-By: X-Requested-By
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://xyz:8080/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: AMBARISESSIONID=vfiy4336mxwl1k5ehd6jrz43i
Connection: close

{"Clusters":{"desired_service_config_versions": }}
Remediation Recommendations
Restrict all input passed to the application to valid, whitelisted content, and ensure that all
response/output sent by the server is HTML-, URL- or JavaScript-encoded, depending on the context in
which the data is used by the application.
The remediation should not attempt to blacklist content and remove, filter, or sanitize it: there are
too many ways to encode such content to get around filters.
We strongly recommend a positive security policy that specifies what is allowed.
Negative or attack-signature-based policies are difficult to maintain and are likely to be incomplete.
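The recommendation above, worked through as an added example that is not the project's own code: a whitelist validator for the note on input, and separate encoders for the HTML, URL and JavaScript-string contexts in which a stored note might later be rendered (the render contexts and field names are assumptions).

```javascript
// Added example, not the project's own code: context-aware output encoding
// for a stored config-version "note" before it is rendered, plus a positive
// (whitelist) validator applied on input. Context names are assumptions.

// HTML text / attribute-value context.
function encodeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;',
                '"': '&quot;', "'": '&#x27;', '/': '&#x2F;' };
  return String(s).replace(/[&<>"'\/]/g, (c) => map[c]);
}

// URL query-parameter context.
function encodeUrlParam(s) {
  return encodeURIComponent(String(s));
}

// JavaScript string-literal context: every non-alphanumeric character becomes
// \xHH or \uHHHH, so the value can never terminate the literal or the block.
function encodeJsString(s) {
  return String(s).replace(/[^A-Za-z0-9]/g, (c) => {
    const code = c.charCodeAt(0);
    return code < 256
      ? '\\x' + code.toString(16).padStart(2, '0')
      : '\\u' + code.toString(16).padStart(4, '0');
  });
}

// Positive policy for the note itself: letters, digits, whitespace and a small
// punctuation set, at most 500 characters. Anything else is rejected on input
// instead of being filtered or sanitized.
const NOTE_ALLOWED = /^[A-Za-z0-9 .,:;()_\-\n]{0,500}$/;
function isValidNote(s) {
  return NOTE_ALLOWED.test(String(s));
}

// Render an (already stored, possibly hostile) note into each context.
function renderNote(note) {
  return {
    html: '<td>' + encodeHtml(note) + '</td>',
    url: '/api/v1/clusters/c1?note=' + encodeUrlParam(note),
    js: "var note = '" + encodeJsString(note) + "';",
  };
}

// Constructed sample note with markup, as described in the report.
const sampleNote = 'Raised tez.am.resource.memory.mb <script>alert(1)</script>';
```

The validator rejects the sample note outright; the encoders are the second line of defence for notes that were stored before the validator existed.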