[OFBIZ-10427] Add a mean to handle CSRF (CVE-2019-0235) - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Closed
Priority: Minor
Resolution: Duplicate
Affects Version/s: Trunk
Fix Version/s: None
Component/s: framework
Labels:
None

Sprint:
Bug Crush Event - 21/2/2015

Description

I already worked on that in OFBiz but without success so far: https://markmail.org/message/r245yie623cdo3wz)
The tracks I explored are:

https://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project (really not simple in OFBiz)
https://tomcat.apache.org/tomcat-8.5-doc/config/filter.html#CSRF_Prevention_Filter/Introduction (I think preferred)

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

webtools_web.xml.patch
08/Sep/18 09:22
3 kB
Girish Vasmatkar

Issue Links

is duplicated by

OFBIZ-11306 POC for CSRF Token (CVE-2019-0235)

Closed

Activity

People

Assignee:: Jacques Le Roux

Reporter:: Jacques Le Roux

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 02/Jun/18 09:13

Updated:: 06/Apr/20 17:34

Resolved:: 13/Feb/20 06:04