git.samba.org / samba.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c5e163d) | patch
s3 swat: Fix possible XSS attack (bug #8289)
authorKai Blin <kai@samba.org>
Thu, 7 Jul 2011 08:03:33 +0000 (10:03 +0200)
committerKarolin Seeger <kseeger@samba.org>
Wed, 27 Jul 2011 17:39:44 +0000 (19:39 +0200)
commitc93a3b6797e413459e4fd0922fcb55a655500b90
tree66e0ba74362f733f953cbbf61aa0a682d1f7a9dctree
parentc5e163dd21646883ab83b4b413877f5ec06bd216commit | diff
s3 swat: Fix possible XSS attack (bug #8289)

Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack
against SWAT, the Samba Web Administration Tool. The attack uses reflection to
insert arbitrary content into the "change password" page.

This patch fixes the reflection issue by not printing user-specified content on
the website anymore.

Signed-off-by: Kai Blin <kai@samba.org>
CVE-2011-2694.
(cherry picked from commit d401ccaedaec09ad6900ec24ecaf205bed3e3ac1)
source/web/swat.c diff | blob | history
Samba Shared Repository