[ 
https://issues.apache.org/jira/browse/GEODE-1532?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jared Stewart updated GEODE-1532:
---------------------------------
    Fix Version/s: 1.1.0-incubating

> Pulse is vulnerable to clickjacking
> -----------------------------------
>
>                 Key: GEODE-1532
>                 URL: https://issues.apache.org/jira/browse/GEODE-1532
>             Project: Geode
>          Issue Type: Bug
>          Components: pulse
>            Reporter: Swapnil Bawaskar
>            Assignee: Jared Stewart
>             Fix For: 1.1.0-incubating
>
>
> The Pulse application is vulnerable to clickjacking. An attacker could frame 
> in the web application and highjack a click, tricking a client into making an 
> unintentional transaction. Attackers exploit this vulnerability by loading 
> target pages in IFRAMEs but keeping them hidden, and then orienting the frame 
> so that a user click on the embedding page is routed to a UI control on the 
> embedded page. The attack will be hidden from the user and perpetrated 
> without the user’s knowledge.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to