[Koha-bugs] [Bug 6628] [security] help system use insecure REFERRER for file inclusion
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Mon Nov 28 08:40:49 CET 2011
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6628
Katrin Fischer <katrin.fischer at bsz-bw.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #6417|0 |1
is obsolete| |
--- Comment #5 from Katrin Fischer <katrin.fischer at bsz-bw.de> 2011-11-28 07:40:49 UTC ---
Created attachment 6440
--> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=6440
[SIGNED-OFF] Bug 6628 : Stopping a potential vulnerability
Signed-off-by: Frère Sébastien Marie <semarie-koha at latrappe.fr>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de>
- verified help pages still work
- verified /cgi-bin/koha/help.pl?url=koha/../catalogue/advsearch.pl does not
show the template file (did work on master, not after applying patch)
- verified cgi-bin/koha/help.pl?url=koha/../../../../../../etc/passwd%00.pl
does not work (didn't work on master or after applying patch)
--
Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA Contact for the bug.
You are watching all bug changes.
More information about the Koha-bugs
mailing list