sling-dev mailing list archives

From "Sonal Gupta (Jira)" <j...@apache.org>
Subject [jira] [Commented] (SLING-9043) COPY should be in the referer filter's default list of protected HTTP methods
Date Wed, 05 Feb 2020 04:59:00 GMT

    [ https://issues.apache.org/jira/browse/SLING-9043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17030359#comment-17030359 ]

Sonal Gupta commented on SLING-9043:
------------------------------------

[~reschke] The attack is that if the COPY request is coming from a different host (the referrer
is not the same host), it should be blocked. Presently, the COPY method is not in the default list
of methods, hence requests coming from a different host are also getting passed. We need to block
these requests with invalid referrers.

> COPY should be in the referer filter's default list of protected HTTP methods
> -----------------------------------------------------------------------------
>
>                 Key: SLING-9043
>                 URL: https://issues.apache.org/jira/browse/SLING-9043
>             Project: Sling
>          Issue Type: Bug
>          Components: Resource Access Security
>            Reporter: Sonal Gupta
>            Priority: Major
>              Labels: vulnerability
>
> The COPY method, by default, is not in the list of methods covered by the CSRF Referer
> filter. This might allow an attacker to copy files (abusing the privileges of a logged in
> victim) using CSRF.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
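As an added illustration (not code from Sling or from this ticket), the following stand-alone Python model of a same-host referrer check shows why the default protected-method list matters: a cross-site COPY passes untouched while COPY is absent from the list and is rejected once it is added. The protected-method default assumed here (POST, PUT, DELETE), the host names and the sample requests are constructed for the example, and the check itself is a simplification, not Sling's ReferrerFilter.

```python
from urllib.parse import urlsplit

# Default protected-method list assumed for this example (the ticket only says
# COPY is missing from the default); the corrected list adds COPY.
DEFAULT_METHODS = frozenset({"POST", "PUT", "DELETE"})
FIXED_METHODS = DEFAULT_METHODS | {"COPY"}


def referer_check(method, request_host, referer, protected_methods,
                  allow_empty=False):
    """Simplified model of a same-host referrer check.

    Returns True if the request may proceed, False if it must be rejected.
    Only methods in `protected_methods` are inspected at all, which is
    exactly why an unlisted method such as COPY slips through unchecked.
    """
    if method.upper() not in protected_methods:
        return True
    if not referer:
        return allow_empty          # browsers may omit Referer entirely
    if referer.startswith("/"):
        return True                 # relative reference: same origin
    parts = urlsplit(referer)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False                # e.g. "javascript:" or garbage
    return parts.hostname.lower() == request_host.split(":")[0].lower()


# Constructed sample requests: (method, Host header, Referer header).
SAMPLE_REQUESTS = [
    ("COPY", "sling.example:8080", "https://attacker.example/lure.html"),
    ("COPY", "sling.example:8080", "https://sling.example:8080/content/a"),
    ("POST", "sling.example:8080", "https://attacker.example/lure.html"),
    ("COPY", "sling.example:8080", ""),
]


def evaluate(protected_methods):
    """Return the allow (True) / block (False) verdict for each sample request."""
    return [referer_check(m, h, r, protected_methods) for m, h, r in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for label, methods in (("default", DEFAULT_METHODS), ("fixed", FIXED_METHODS)):
        for (m, h, r), ok in zip(SAMPLE_REQUESTS, evaluate(methods)):
            verdict = "allow" if ok else "block"
            print(f"{label:7} {m:5} Referer={r or '<none>':40} -> {verdict}")
```

With the default list the first request (cross-site COPY) is allowed; with COPY added it is blocked, while the same-host COPY still passes.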
