Details

    • Similar Issues:
      Show 5 results 

      Description

      By carefully constructing a HTTP POST request, an attacker can execute any of the portal's web services. This vulnerability allows the attacker to circumvent both the permission system and the protection provided by the SecureFilter's portal properties:

      xxx.servlet.hosts.allowed
      xxx.servlet.https.required

        Activity

        Hide
        Samuel Kong added a comment -

        The code for this ticket was committed under LPS-27046, LPS-27101, LPS-27102.

        Show
        Samuel Kong added a comment - The code for this ticket was committed under LPS-27046, LPS-27101, LPS-27102.

          People

          • Assignee:
            SE Support
            Reporter:
            Samuel Kong
            Recent user:
            Esther Sanz
            Participants of an Issue:
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:
              Days since last comment:
              2 years, 34 weeks, 3 days ago

              Development

                Structure Helper Panel