The paper mentions Plone, but all they found is that Plone rejects the bad input but "Since this error generates ~100 lines in the log file, it may be used to obfuscate other attacks." I found no serious vulnerability claim.
On Tue, May 19, 2009 at 8:59 PM, Jon Stahl <[email protected]> wrote: > Andreas Jung wrote: >> >> Hi there, >> >> just read this article (in German) about a new attack pattern called >> HTTP parameter polution and they mention Plone: >> >> >> http://www.linux-community.de/Internal/Nachrichten/Webanwendungen-mit-HTTP-Parameter-Pollution-angreifen >> >> Anyone heard of this? >> >> >> > > http://seclists.org/bugtraq/2009/May/0165.html seems to be a good starting > point. > > :jon > > > _______________________________________________ > Framework-Team mailing list > [email protected] > http://lists.plone.org/mailman/listinfo/framework-team > -- Steve McMahon Reid-McMahon, LLC [email protected] [email protected] _______________________________________________ Framework-Team mailing list [email protected] http://lists.plone.org/mailman/listinfo/framework-team
