WSHandler checkReceiverResults causes security problem
------------------------------------------------------
Key: WSS-70
URL: https://issues.apache.org/jira/browse/WSS-70
Project: WSS4J
Issue Type: Bug
Reporter: Gürkan Vural
Assigned To: Davanum Srinivas
Priority: Critical
In WSS4J 1.1.0 in WSDoAllReceiver there is a check of security actions
which also checks the size of actions. However, this part was moved in
WSS4J 1.5 to WSHandler.java using the checkReceiverResults function, and
the action size check is commented out. However, the checking for loop is
controlled against the size of actions received in the SOAP message. This
causes a security problem when an empty security header is sent. It omits
the for loop and throws no exception!
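The failure mode described in this report, as an added example that is not WSS4J's code and not part of the original message: a simplified Java model in which the class name, method names and action codes are hypothetical. It puts a check whose loop is bounded only by the actions found in the message next to one that also compares the number of actions against the configured list.

```java
import java.util.List;

public class ReceiverResultCheck {
    // Constructed action codes for this model; these are not WSS4J constants.
    static final int SIGN = 1;
    static final int ENCRYPT = 2;

    /**
     * Shape of the check as the report describes it: the loop runs once per
     * action found in the received message and nothing compares the counts.
     */
    static boolean checkLoopOnly(List<Integer> received, List<Integer> expected) {
        int pos = 0;
        for (int act : received) {
            if (pos >= expected.size() || expected.get(pos++) != act) {
                return false; // unexpected or out-of-order action
            }
        }
        // With zero received actions the loop body never runs, so an empty
        // security header is reported as acceptable.
        return true;
    }

    /**
     * Same comparison with the size check in place: every configured action
     * must be present, so a header with fewer actions fails closed.
     */
    static boolean checkWithSize(List<Integer> received, List<Integer> expected) {
        if (received.size() != expected.size()) {
            return false;
        }
        return checkLoopOnly(received, expected);
    }

    public static void main(String[] args) {
        List<Integer> expected = List.of(SIGN, ENCRYPT); // receiver's configured actions
        List<Integer> emptyHeader = List.of();           // constructed: header with no actions
        List<Integer> fullHeader = List.of(SIGN, ENCRYPT);

        System.out.println("loop only, empty header: " + checkLoopOnly(emptyHeader, expected));
        System.out.println("with size, empty header: " + checkWithSize(emptyHeader, expected));
        System.out.println("with size, full header:  " + checkWithSize(fullHeader, expected));
    }
}
```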