Details
Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Description
Address potential cross-site scripting exploits in the following files:
1.) Replace the variable psh with epsh in the files:
proxy/config/body_factory/default/redirect#moved_temporarily
proxy/config/body_factory/default/redirect#moved_permanently
2.) The variable cqh in proxy/config/body_factory/default/access#redirect_url should be replaced with ecqh. However, the file appears unused in ATS 6.0.0, hence remove it from the Makefile altogether.
Suggested patch:
diff -Nrup trafficserver-6.0.0/proxy/config/body_factory/default/Makefile.am trafficserver-6.0.0-1/proxy/config/body_factory/default/Makefile.am
--- trafficserver-6.0.0/proxy/config/body_factory/default/Makefile.am 2015-09-08 13:43:45.000000000 -0400
+++ trafficserver-6.0.0-1/proxy/config/body_factory/default/Makefile.am 2016-01-19 12:49:44.823719964 -0500
@@ -21,7 +21,6 @@ bodyfactorydir = $(pkgsysconfdir)/body_f
dist_bodyfactory_DATA = \
access#denied \
access#proxy_auth_required \
- access#redirect_url \
access#ssl_forbidden \
.body_factory_info \
cache#not_in_cache \
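Review bot: dropping access#redirect_url from dist_bodyfactory_DATA stops installing the template, but the patch neither deletes the file nor fixes its cqh substitution, so the unescaped template stays in the tree and comes straight back if anyone re-adds the line; either remove the file in the same change or replace `cqh` with `ecqh` as the description originally proposed. Also worth confirming the "appears unused" claim with a grep for `redirect_url` across proxy/ before taking it out of the install set.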
diff -Nrup trafficserver-6.0.0/proxy/config/body_factory/default/redirect#moved_permanently trafficserver-6.0.0-1/proxy/config/body_factory/default/redirect#moved_permanently
--- trafficserver-6.0.0/proxy/config/body_factory/default/redirect#moved_permanently 2015-09-08 13:43:45.000000000 -0400
+++ trafficserver-6.0.0-1/proxy/config/body_factory/default/redirect#moved_permanently 2016-01-19 12:50:47.669068203 -0500
@@ -8,7 +8,7 @@
<HR>
<FONT FACE="Helvetica,Arial"><B>
-Description: The document you requested has moved to a new location. The new location is "%<
+Description: The document you requested has moved to a new location. The new location is "%<{Location}
epsh>".
</B></FONT>
<HR>
</BODY>
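Review bot: as rendered here the `+` line ends at `%<{Location}` and `epsh>".` sits on the following line, so the substitution token is split in two; confirm the actual patch keeps `%<{Location}epsh>` on a single line, otherwise the escaped value will not be substituted as intended. The `-` line also appears truncated at `"%<`, so check that the hunk applies cleanly against the 6.0.0 file before committing.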
diff -Nrup trafficserver-6.0.0/proxy/config/body_factory/default/redirect#moved_temporarily trafficserver-6.0.0-1/proxy/config/body_factory/default/redirect#moved_temporarily
--- trafficserver-6.0.0/proxy/config/body_factory/default/redirect#moved_temporarily 2015-09-08 13:43:45.000000000 -0400
+++ trafficserver-6.0.0-1/proxy/config/body_factory/default/redirect#moved_temporarily 2016-01-19 12:50:33.548765337 -0500
@@ -8,7 +8,7 @@
<HR>
<FONT FACE="Helvetica,Arial"><B>
-Description: The document you requested has moved to a new location. The new location is "%<
+Description: The document you requested has moved to a new location. The new location is "%<{Location}
epsh>".
</B></FONT>
<HR>
</BODY>
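Review bot: no regression check accompanies either redirect template change; suggest a test that requests a redirect whose Location header carries `<`, `>` or `"` and asserts the 301/302 body contains the escaped form, so the psh/epsh distinction cannot silently regress. The same split-token rendering (`%<{Location}` on the `+` line, `epsh>".` on the next) applies to this hunk and deserves the same check.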
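To audit a body_factory directory for the unescaped header substitutions this issue describes, here is an added scanner (example code, not part of this issue or of Traffic Server). It assumes the token grammar visible in the patch, `%<{Header}field>` with an optional header name, and treats `psh` and `cqh` as the raw fields and `epsh` / `ecqh` as the escaped replacements the description calls for; the sample template is constructed to mirror the pre-patch redirect page.

```python
import re
from pathlib import Path

# Assumption taken from the patch in this issue: templates substitute header
# values via %<{Header-Name}field>; psh/cqh insert the raw value and the
# e-prefixed fields epsh/ecqh insert the escaped value.
TOKEN_RE = re.compile(r"%<(?:\{(?P<header>[^}]*)\})?(?P<field>[A-Za-z]+)>")
UNESCAPED_FIELDS = {"psh": "epsh", "cqh": "ecqh"}


def find_unescaped_tokens(template_text):
    """Return (line_no, header, field, suggested_field) for each raw token."""
    findings = []
    for line_no, line in enumerate(template_text.splitlines(), start=1):
        for m in TOKEN_RE.finditer(line):
            field = m.group("field")
            if field in UNESCAPED_FIELDS:
                findings.append((line_no, m.group("header"), field,
                                 UNESCAPED_FIELDS[field]))
    return findings


def rewrite_escaped(template_text):
    """Return the template with every raw token swapped for its escaped form."""
    def repl(m):
        field = m.group("field")
        if field not in UNESCAPED_FIELDS:
            return m.group(0)  # already escaped or not a header field
        header = m.group("header")
        prefix = "{%s}" % header if header is not None else ""
        return "%%<%s%s>" % (prefix, UNESCAPED_FIELDS[field])
    return TOKEN_RE.sub(repl, template_text)


def audit_directory(directory):
    """Map each template file under `directory` to its unescaped tokens."""
    results = {}
    for path in sorted(Path(directory).iterdir()):
        if path.is_file() and not path.name.startswith("."):
            hits = find_unescaped_tokens(path.read_text(errors="replace"))
            if hits:
                results[path.name] = hits
    return results


# Constructed sample mirroring the pre-patch redirect template from this issue.
SAMPLE_TEMPLATE = (
    '<HR>\n<FONT FACE="Helvetica,Arial"><B>\n'
    'Description: The document you requested has moved to a new location. '
    'The new location is "%<{Location}psh>".\n</B></FONT>\n'
)

if __name__ == "__main__":
    for line_no, header, field, fix in find_unescaped_tokens(SAMPLE_TEMPLATE):
        print("line %d: %%<{%s}%s> should use %s" % (line_no, header, field, fix))
```

Run `audit_directory("/path/to/body_factory/default")` against an installed template set to list every file still carrying a raw psh or cqh token.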
Issue Links
incorporates: TS-5094 URL encoding required in the redirect pages of 5.3 (Closed)