https://bz.apache.org/bugzilla/show_bug.cgi?id=58599
pablo <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|INVALID                     |---
             Status|RESOLVED                    |REOPENED

--- Comment #2 from pablo <[email protected]> ---
Ok
(In reply to Eric Covener from comment #1)
> Security reports belong in email to [email protected]. You'll need to
> describe something more concrete in terms of inputs and outputs.

OK, the input is basically just changing the URL for javascript:document.write(0); while the website is loading. Or you can put 3.3.3.3 in the URL when you are on the website and then javascript:document.write(0);. What happens is that you then go to a blank page with 0 there, but the URL is the same as the website's and the website will keep on loading. Since the input expected by the website is for index.html (for example) to be loaded, and instead there is only a blank page with 0, it will keep on trying until it happens, which is never, or when I refresh the website. This is just an example of why this might be. This is because you allow the user to put in javascript:, but also the way you load the website must have something dysfunctioning or that has a vulnerability that allows a remote attacker to create an infinite loop or DoS, such as in this case. If this is not enough then tell me what I should put.
