https://issues.apache.org/bugzilla/show_bug.cgi?id=45652

           Summary: XSS patch for EL
           Product: Tomcat 6
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Keywords: PatchAvailable
          Severity: major
          Priority: P2
         Component: Jasper
        AssignedTo: [EMAIL PROTECTED]
        ReportedBy: [EMAIL PROTECTED]


Created an attachment (id=22455)
 --> (https://issues.apache.org/bugzilla/attachment.cgi?id=22455)
Test JSP

Hi everyone,

There is an old post from Matt Raible regarding an XSS vulnerability present in
all Tomcat installations by default:
http://raibledesigns.com/rd/entry/java_web_frameworks_and_xss

The JSP I have attached shows a quick-and-dirty test to inject arbitrary HTML
into your page using EL expressions like ${foobar}. I know that "<c:out>" can
be used as a workaround, but it is quite verbose and easy to miss.

As part of my job as a developer of Loom
(http://www.loom.extrema-sistemas.com/) I have prepared a patch for
Generator.java so XML content obtained from EL expressions can be configured to
be escaped defaulting to false (to keep current behavior, but maybe true would
be the safe bet here).

Regards
Rafa
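To make the reported behaviour concrete, the following is an added stand-alone illustration, not Jasper's Generator.java, the attached JSP, or the proposed patch: a toy renderer substitutes ${name} values into page text, and a hypothetical escapeEL switch stands in for the configurable escaping the report asks for. The class, method names and the sample parameter value are all constructed for this example.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * Hypothetical stand-in for how JSP EL output such as ${foobar} reaches
 * the response, with and without escaping. Not Tomcat code.
 */
public class ElEscapeDemo {
    // Matches ${identifier}; a real EL parser accepts much more than this.
    private static final Pattern EL = Pattern.compile("\\$\\{([A-Za-z_][A-Za-z0-9_]*)\\}");

    /** Escape the characters that let a value break out of HTML text or an
     *  attribute; the same replacements <c:out> applies with escapeXml="true". */
    static String escapeXml(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '&':  sb.append("&amp;");  break;
                case '"':  sb.append("&#034;"); break;
                case '\'': sb.append("&#039;"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Render a template, replacing each ${name} with its value from the page scope.
     *  escapeEL=false reproduces the current behaviour; true is the proposed safe default. */
    static String render(String template, Map<String, String> scope, boolean escapeEL) {
        Matcher m = EL.matcher(template);
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            String value = scope.getOrDefault(m.group(1), ""); // EL yields "" for unknown names
            String emitted = escapeEL ? escapeXml(value) : value;
            m.appendReplacement(out, Matcher.quoteReplacement(emitted));
        }
        m.appendTail(out);
        return out.toString();
    }

    public static void main(String[] args) {
        Map<String, String> scope = new HashMap<>();
        // Constructed request parameter that happens to contain markup.
        scope.put("foobar", "<b>bold</b> & \"quoted\"");
        String page = "<p>Hello ${foobar}</p>";
        System.out.println(render(page, scope, false)); // markup is interpreted by the browser
        System.out.println(render(page, scope, true));  // markup is shown as literal text
    }
}
```

Run with `javac ElEscapeDemo.java && java ElEscapeDemo`; the second line of output is what a page author gets today only by wrapping every expression in `<c:out>`.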

