[jira] [Commented] (AMQ-7339) Fix possible XSS attack in the HttpTunnelServlet

ASF subversion and git services (Jira) Fri, 08 Nov 2019 05:47:09 -0800


    [ 
https://issues.apache.org/jira/browse/AMQ-7339?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16970203#comment-16970203
 ]


ASF subversion and git services commented on AMQ-7339:
------------------------------------------------------

Commit 6675ddfe289f2fa617dcfc960a9f88ea48cba028 in activemq's branch 
refs/heads/activemq-5.15.x from Colm O hEigeartaigh
[ https://gitbox.apache.org/repos/asf?p=activemq.git;h=6675ddf ]

AMQ-7339 - Fix possible XSS attack in the HttpTunnelServlet

(cherry picked from commit 7441c6b6035e4a86d6a32b39445d75a33802ec3e)


> Fix possible XSS attack in the HttpTunnelServlet
> ------------------------------------------------
>
>                 Key: AMQ-7339
>                 URL: https://issues.apache.org/jira/browse/AMQ-7339
>             Project: ActiveMQ
>          Issue Type: Improvement
>            Reporter: Colm O hEigeartaigh
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>             Fix For: 5.16.0, 5.15.11
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> There is a potential XXS attack in the HttpTunnelServlet where we return the 
> clientId header directly in an error. The fix is just to avoid sending the 
> header back at all, as I didn't want to add an additional dependency to 
> encode it.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (AMQ-7339) Fix possible XSS attack in the HttpTunnelServlet

Reply via email to