[tomcat] branch 10.0.x updated: Fix CVE-2022-34305 XSS in the examples web application

Thu, 23 Jun 2022 03:08:12 -0700 

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.0.x by this push:
     new 1a7e95d9c3 Fix CVE-2022-34305 XSS in the examples web application
1a7e95d9c3 is described below

commit 1a7e95d9c3ef18c4efb5eb997fd1553a71dc6c80
Author: Mark Thomas <[email protected]>
AuthorDate: Thu Jun 23 10:26:41 2022 +0100

    Fix CVE-2022-34305 XSS in the examples web application
    
    The session attributes are the primary concern but filter the Principal
    attributes as well to be on the safe side.
---
 webapps/docs/changelog.xml                        |  4 ++++
 webapps/examples/jsp/security/protected/index.jsp | 11 +++++++++--
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index c6df09ead8..fbbf0122b6 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -151,6 +151,10 @@
         Documentation. <bug>62245</bug>: Include <code>contextXsltFile</code>
         when discussing options for configuring directory listings. (markt)
       </fix>
+      <fix>
+        Examples. Fix CVE-2022-34305, a low severity XSS vulnerability in the
+        Form authentication example. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Other">
diff --git a/webapps/examples/jsp/security/protected/index.jsp 
b/webapps/examples/jsp/security/protected/index.jsp
index 75ac4bcc66..09c23e7219 100644
--- a/webapps/examples/jsp/security/protected/index.jsp
+++ b/webapps/examples/jsp/security/protected/index.jsp
@@ -107,7 +107,11 @@ enter it here:
       }
       type = type.replaceFirst("^java\\.lang\\.", "");
 %>
-<tr><td><%= name %></td><td><%= value %></td><td><%= type %></td>
+<tr>
+  <td><%= util.HTMLFilter.filter(name) %></td>
+  <td><%= util.HTMLFilter.filter(String.valueOf(value)) %></td>
+  <td><%= util.HTMLFilter.filter(type) %></td>
+</tr>
 <%
     }
 %>
@@ -139,7 +143,10 @@ To add some data to the authenticated session, enter it 
here:
   while (names.hasMoreElements()) {
     String name = names.nextElement();
 %>
-<tr><td><%= name %></td><td><%= session.getAttribute(name) %></td>
+<tr>
+  <td><%= util.HTMLFilter.filter(name) %></td>
+  <td><%= util.HTMLFilter.filter(String.valueOf(session.getAttribute(name))) 
%></td>
+</tr>
 <%
   }
 %>


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to