Author: markt
Date: Mon Jun 2 14:44:22 2008
New Revision: 662585
URL: http://svn.apache.org/viewvc?rev=662585&view=rev
Log:
Fix potential XSS in host-manager.
This is CVE-2008-1947.
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java?rev=662585&r1=662584&r2=662585&view=diff
==============================================================================
---
tomcat/tc6.0.x/trunk/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java
(original)
+++
tomcat/tc6.0.x/trunk/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java
Mon Jun 2 14:44:22 2008
@@ -21,6 +21,7 @@
import java.io.IOException;
import java.io.PrintWriter;
import java.io.StringWriter;
+import java.net.URLEncoder;
import java.text.MessageFormat;
import java.util.Iterator;
import java.util.Map;
@@ -278,17 +279,20 @@
args = new Object[7];
args[0] = response.encodeURL
(request.getContextPath() +
- "/html/start?name=" + hostName);
+ "/html/start?name=" +
+ URLEncoder.encode(hostName, "UTF-8"));
args[1] = hostsStart;
args[2] = response.encodeURL
(request.getContextPath() +
- "/html/stop?name=" + hostName);
+ "/html/stop?name=" +
+ URLEncoder.encode(hostName, "UTF-8"));
args[3] = hostsStop;
args[4] = response.encodeURL
(request.getContextPath() +
- "/html/remove?name=" + hostName);
+ "/html/remove?name=" +
+ URLEncoder.encode(hostName, "UTF-8"));
args[5] = hostsRemove;
- args[6] = hostName;
+ args[6] = RequestUtil.filter(hostName);
if (host == this.host) {
writer.print(MessageFormat.format(
MANAGER_HOST_ROW_BUTTON_SECTION, args));
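Review bot: The start, stop and remove links each repeat `URLEncoder.encode(hostName, "UTF-8")`, and nothing in the hunk records why the links and the displayed name at `args[6]` use different encoders. Computing it once, `String encodedName = URLEncoder.encode(hostName, "UTF-8");`, with a comment such as `// URL-encode for the query string; HTML-escape via RequestUtil.filter for the visible name`, would keep the two output contexts from being swapped or dropped in a later edit. The links only round-trip a non-ASCII host name if the connector decodes query strings as UTF-8, which is not visible here and is worth confirming. The import hunk adds only `URLEncoder`, so `RequestUtil` is presumably already imported elsewhere in the file. The enclosing method starts and ends outside this hunk, so other host-derived values written into the same row could not be checked for the same escaping.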