[jira] [Resolved] (AMQ-7339) Fix possible XSS attack in the HttpTunnelServlet

Jira Fri, 08 Nov 2019 05:48:13 -0800


     [ 
https://issues.apache.org/jira/browse/AMQ-7339?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Jean-Baptiste Onofré resolved AMQ-7339.
---------------------------------------
    Resolution: Fixed

> Fix possible XSS attack in the HttpTunnelServlet
> ------------------------------------------------
>
>                 Key: AMQ-7339
>                 URL: https://issues.apache.org/jira/browse/AMQ-7339
>             Project: ActiveMQ
>          Issue Type: Improvement
>            Reporter: Colm O hEigeartaigh
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>             Fix For: 5.16.0, 5.15.11
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> There is a potential XXS attack in the HttpTunnelServlet where we return the 
> clientId header directly in an error. The fix is just to avoid sending the 
> header back at all, as I didn't want to add an additional dependency to 
> encode it.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Resolved] (AMQ-7339) Fix possible XSS attack in the HttpTunnelServlet

Reply via email to