Jackrabbit Content Repository / JCR-3036

WebDAV/DaveX Servlets susceptible to CSRF Attacks

    Details

      Description

      Both the WebDAV and the remoting (DaveX) servlets are susceptible to CSRF attacks.

        Activity

        Lars Krapf added a comment -

        Attached a possible patch.

        angela added a comment -

        Thanks for the patch. I will take a look at it as soon as possible.

        angela added a comment -

        Applied patch with minor modifications and added tests.

        Julian Reschke added a comment -

        I think this is very misleading.

        A CSRF attack requires the server to accept POST requests with content type form-data.


          People

          • Assignee:
            angela
            Reporter:
            Lars Krapf