s3 swat: Fix possible XSS attack (bug #8289)
author Kai Blin <kai@samba.org>
Thu, 7 Jul 2011 08:03:33 +0000 (10:03 +0200)
committer Karolin Seeger <kseeger@samba.org>
Sun, 24 Jul 2011 20:01:56 +0000 (22:01 +0200)
commit 4cd5237ed156bb5a288e865b5afc88a966e1f386
tree bc19480a9818878c8e3477470da3adeb53a4e5ef
parent 983d9300de5fac5d50af525bb1a41a33b012dae1
s3 swat: Fix possible XSS attack (bug #8289)

Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack
against SWAT, the Samba Web Administration Tool. The attack uses reflection to
insert arbitrary content into the "change password" page.

This patch fixes the reflection issue by not printing user-specified content on
the website anymore.

Signed-off-by: Kai Blin <kai@samba.org>
CVE-2011-2694.
source3/web/swat.c
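
The reflection issue and the fix strategy the commit message describes, as an added example that is not SWAT's code and is not taken from this commit. All function names and the message text are hypothetical, and the input in `main` is constructed; the escaping variant goes beyond the commit's approach and shows the alternative for pages that must display the value.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical page writers, not SWAT's code. BEFORE: request data is copied
 * into the HTML as-is, so markup in the parameter becomes markup in the
 * response (reflected XSS). */
int render_reflecting(char *out, size_t n, const char *user)
{
    return snprintf(out, n, "<p>Password change failed for '%s'.</p>", user);
}

/* AFTER, as the commit message describes: a fixed string only. */
int render_fixed(char *out, size_t n)
{
    return snprintf(out, n, "<p>Password change failed.</p>");
}

/* Alternative when the value must be shown: HTML-escape it. Returns 0, or
 * -1 with an empty dst if the result does not fit (no truncated entity). */
int html_escape(char *dst, size_t n, const char *src)
{
    size_t used = 0;
    if (n == 0) return -1;
    for (; *src; src++) {
        char one[2] = { *src, '\0' };
        const char *rep = *src == '&' ? "&amp;" : *src == '<' ? "&lt;" :
                          *src == '>' ? "&gt;" : *src == '"' ? "&quot;" :
                          *src == '\'' ? "&#39;" : one;
        size_t len = strlen(rep);
        if (used + len >= n) { dst[0] = '\0'; return -1; }
        memcpy(dst + used, rep, len);
        used += len;
    }
    dst[used] = '\0';
    return 0;
}

/* Falls back to the fixed message if the escaped value does not fit. */
int render_escaped(char *out, size_t n, const char *user)
{
    char safe[256];
    if (html_escape(safe, sizeof safe, user) != 0) return render_fixed(out, n);
    return snprintf(out, n, "<p>Password change failed for '%s'.</p>", safe);
}

int main(void)
{
    char page[512]; /* the argument below is a constructed sample input */
    render_escaped(page, sizeof page, "x<script>alert(1)</script>");
    return puts(page) == EOF;
}
```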