  1. MyFaces Portlet Bridge
  2. PORTLETBRIDGE-236

Security vulnerability with _jsfBridgeViewId, __jpfbJSFTARGET and __jpfbJSFResTARGET URL parameter values


Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 3.0.0, 3.0.0-alpha
    • Fix Version/s: 3.0.0, 3.0.0-alpha
    • Component/s: Impl

    Description

      MyFaces Portlet Bridge has a security vulnerability in which the _jsfBridgeViewId, __jpfbJSFTARGET, and __jpfbJSFResTARGET request parameter values are not restricted to valid filename characters.
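
      An added example, not code from this issue or its attached patches (whose contents are not shown on this page): one way to restrict the three parameters named in the title to filename-like values before they are used. The allowed character set, the 255-character limit, and the class and method names are assumptions.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

public class BridgeTargetParamCheck {
    // Parameter names from the issue title.
    static final String[] TARGET_PARAMS =
        { "_jsfBridgeViewId", "__jpfbJSFTARGET", "__jpfbJSFResTARGET" };

    // Assumed allow-list (not taken from the patches): a context-relative path
    // whose segments contain only letters, digits, '_', '-' and '.'.
    static final Pattern SAFE_PATH = Pattern.compile("(/[A-Za-z0-9_.-]+)+");

    static boolean isSafeTarget(String value) {
        if (value == null || value.length() > 255) return false;
        if (!SAFE_PATH.matcher(value).matches()) return false;
        for (String segment : value.substring(1).split("/")) {
            if (segment.startsWith(".")) return false; // ".", ".." and dot-files
        }
        return true;
    }

    // Returns the names of target parameters carrying a rejected value.
    // The map has the shape of a request parameter map (name -> values).
    static List<String> rejectedParams(Map<String, String[]> params) {
        List<String> rejected = new ArrayList<>();
        for (String name : TARGET_PARAMS) {
            String[] values = params.get(name);
            if (values == null) continue; // parameter absent: nothing to check
            for (String v : values) {
                if (!isSafeTarget(v)) { rejected.add(name); break; }
            }
        }
        return rejected;
    }

    public static void main(String[] args) {
        // Constructed sample request parameters.
        Map<String, String[]> params = new LinkedHashMap<>();
        params.put("_jsfBridgeViewId", new String[] { "/pages/home.xhtml" });
        params.put("__jpfbJSFTARGET", new String[] { "/pages/../other.xhtml" });
        params.put("__jpfbJSFResTARGET", new String[] { "/img/logo.png;v=1" });
        params.put("unrelated", new String[] { "any value" });
        System.out.println(rejectedParams(params));
    }
}
```

      A request for which `rejectedParams` returns a non-empty list should be refused rather than having the offending value rewritten, so that no partially cleaned value reaches view or resource resolution.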

      Attachments

        1. portletbridge-236-alpha_3.0.x.patch
          2 kB
          Ross Clewley
        2. portletbridge-236-trunk.patch
          2 kB
          Ross Clewley


          People

            mkienenb Mike Kienenberger
            rclewley Ross Clewley
            Votes: 0
            Watchers: 2
