[
https://issues.apache.org/jira/browse/WSS-70?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12519713
]
Chad DeBauch commented on WSS-70:
---------------------------------
I agree, this is major security hole with any handler that uses this method.
The current release of Rampart v1.2 uses this method in WSDoAllReceiver, which
is how I discovered the issue. There is two ways to approach this. Don't have
the handlers use this method or fix this in wss4j. I use my own handler to get
around this.
In my previous comment I said to simply uncomment but it really needs to look
like this:
if (size != resultActions) {
return false;
}
> WSHandler checkReceiverResults causes security problem
> ------------------------------------------------------
>
> Key: WSS-70
> URL: https://issues.apache.org/jira/browse/WSS-70
> Project: WSS4J
> Issue Type: Bug
> Reporter: Gürkan Vural
> Assignee: Davanum Srinivas
> Priority: Critical
>
> In WSS4J 1.1.0 in WSDoAllReceiver there is a check of security actions
> which also checks the size of actions. However this part is moved in
> WSS4J 1.5 to WSHandler.java using checkReceiverResults function and
> action size check is commented out. However the checking for loop is
> controled against the size of actions received in the SOAP message. This
> cause a security problem when an empty security header is sent. It omits
> the for loop and throws no exception!
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
