Author: markt
Date: Wed Jun 13 19:01:19 2007
New Revision: 547081

URL: http://svn.apache.org/viewvc?view=rev&rev=547081
Log:
Fix XSS issues in snoop.jsp. This is CVE-2007-2449. Some of these are harder 
(impossible?) to exploit than others but doing all of them means there won't be 
another XSS issue to patch later.
I also made a similar change for a couple of other JSPs that are in the 
harder/impossible? to exploit category.

Modified:
    tomcat/tc6.0.x/trunk/webapps/examples/jsp/security/protected/index.jsp
    tomcat/tc6.0.x/trunk/webapps/examples/jsp/snp/snoop.html
    tomcat/tc6.0.x/trunk/webapps/examples/jsp/snp/snoop.jsp
    tomcat/tc6.0.x/trunk/webapps/examples/jsp/source.jsp

Modified: tomcat/tc6.0.x/trunk/webapps/examples/jsp/security/protected/index.jsp
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/examples/jsp/security/protected/index.jsp?view=diff&rev=547081&r1=547080&r2=547081
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/examples/jsp/security/protected/index.jsp 
(original)
+++ tomcat/tc6.0.x/trunk/webapps/examples/jsp/security/protected/index.jsp Wed 
Jun 13 19:01:19 2007
@@ -27,14 +27,16 @@
 </head>
 <body bgcolor="white">
 
-You are logged in as remote user <b><%= request.getRemoteUser() %></b>
+You are logged in as remote user
+<b><%= util.HTMLFilter.filter(request.getRemoteUser()) %></b>
 in session <b><%= session.getId() %></b><br><br>
 
 <%
   if (request.getUserPrincipal() != null) {
 %>
     Your user principal name is
-    <b><%= request.getUserPrincipal().getName() %></b><br><br>
+    <b><%= util.HTMLFilter.filter(request.getUserPrincipal().getName()) %></b>
+    <br><br>
 <%
   } else {
 %>
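Review bot: session.getId() on the line between the two newly filtered expressions is still written raw. That is defensible because the session ID is container-generated rather than user-supplied, but given the stated aim of leaving nothing to patch later, wrapping it in util.HTMLFilter.filter() as well costs nothing and makes every dynamic value on this page uniformly escaped. Filtering the remote user and principal names is the right call even though they come from the realm rather than straight from the request: a realm backed by a database or directory can hold arbitrary characters in a user name.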

Modified: tomcat/tc6.0.x/trunk/webapps/examples/jsp/snp/snoop.html
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/examples/jsp/snp/snoop.html?view=diff&rev=547081&r1=547080&r2=547081
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/examples/jsp/snp/snoop.html (original)
+++ tomcat/tc6.0.x/trunk/webapps/examples/jsp/snp/snoop.html Wed Jun 13 
19:01:19 2007
@@ -24,8 +24,8 @@
 <body bgcolor="#FFFFFF">
 <p><font color="#0000FF"><a href="snoop.jsp"><img src="../images/execute.gif" 
align="right" border="0"></a><a href="../index.html"><img 
src="../images/return.gif" width="24" height="24" align="right" 
border="0"></a></font></p>
 
-<h3><a href="snoop.jsp.html">Source Code for Request Parameters Example<font 
color="#0000FF"></a>
-  </font> </h3>
+<h3><a href="snoop.jsp.html">Source Code for Request Parameters Example<font 
color="#0000FF">
+  </font></a></h3>
 
 </body>
 </html>
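Review bot: this hunk is a markup fix, not an XSS fix. In the original the `</a>` closed before the `</font>` it contained, leaving the tags misnested; the new version nests them correctly. The log message does not mention it, so a short line such as "also fix misnested tags in snoop.html" would keep the CVE-2007-2449 changeset easier to audit for anyone checking which hunks are security-relevant. No behavioural concern otherwise.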

Modified: tomcat/tc6.0.x/trunk/webapps/examples/jsp/snp/snoop.jsp
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/examples/jsp/snp/snoop.jsp?view=diff&rev=547081&r1=547080&r2=547081
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/examples/jsp/snp/snoop.jsp (original)
+++ tomcat/tc6.0.x/trunk/webapps/examples/jsp/snp/snoop.jsp Wed Jun 13 19:01:19 
2007
@@ -19,37 +19,38 @@
 <body bgcolor="white">
 <h1> Request Information </h1>
 <font size="4">
-JSP Request Method: <% out.print(util.HTMLFilter.filter(request.getMethod())); 
%>
+JSP Request Method: <%= util.HTMLFilter.filter(request.getMethod()) %>
 <br>
-Request URI: <%= request.getRequestURI() %>
+Request URI: <%= util.HTMLFilter.filter(request.getRequestURI()) %>
 <br>
-Request Protocol: <%= request.getProtocol() %>
+Request Protocol: <%= util.HTMLFilter.filter(request.getProtocol()) %>
 <br>
-Servlet path: <%= request.getServletPath() %>
+Servlet path: <%= util.HTMLFilter.filter(request.getServletPath()) %>
 <br>
-Path info: <% out.print(util.HTMLFilter.filter(request.getPathInfo())); %>
+Path info: <%= util.HTMLFilter.filter(request.getPathInfo()) %>
 <br>
-Query string: <% out.print(util.HTMLFilter.filter(request.getQueryString())); 
%>
+Query string: <%= util.HTMLFilter.filter(request.getQueryString()) %>
 <br>
 Content length: <%= request.getContentLength() %>
 <br>
-Content type: <% out.print(util.HTMLFilter.filter(request.getContentType())); 
%>
+Content type: <%= util.HTMLFilter.filter(request.getContentType()) %>
 <br>
-Server name: <%= request.getServerName() %>
+Server name: <%= util.HTMLFilter.filter(request.getServerName()) %>
 <br>
 Server port: <%= request.getServerPort() %>
 <br>
-Remote user: <%= request.getRemoteUser() %>
+Remote user: <%= util.HTMLFilter.filter(request.getRemoteUser()) %>
 <br>
-Remote address: <%= request.getRemoteAddr() %>
+Remote address: <%= util.HTMLFilter.filter(request.getRemoteAddr()) %>
 <br>
-Remote host: <%= request.getRemoteHost() %>
+Remote host: <%= util.HTMLFilter.filter(request.getRemoteHost()) %>
 <br>
-Authorization scheme: <%= request.getAuthType() %> 
+Authorization scheme: <%= util.HTMLFilter.filter(request.getAuthType()) %> 
 <br>
 Locale: <%= request.getLocale() %>
 <hr>
-The browser you are using is <% 
out.print(util.HTMLFilter.filter(request.getHeader("User-Agent"))); %>
+The browser you are using is
+<%= util.HTMLFilter.filter(request.getHeader("User-Agent")) %>
 <hr>
 </font>
 </body>
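Review bot: `Locale: <%= request.getLocale() %>` is the one client-derived value in this hunk left unfiltered. The Locale is built from the Accept-Language request header, so unless the container's header parsing is known to reject anything outside letters, digits and separators, it should get the same treatment as the other header-derived fields (Server name, User-Agent), e.g. `Locale: <%= util.HTMLFilter.filter(String.valueOf(request.getLocale())) %>`. Content length and Server port are ints and are fine as they stand. The switch from `<% out.print(util.HTMLFilter.filter(...)); %>` scriptlets to `<%= util.HTMLFilter.filter(...) %>` expressions is behaviour-preserving and makes the escaping easy to verify line by line, which is a good consistency improvement.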

Modified: tomcat/tc6.0.x/trunk/webapps/examples/jsp/source.jsp
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/examples/jsp/source.jsp?view=diff&rev=547081&r1=547080&r2=547081
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/examples/jsp/source.jsp (original)
+++ tomcat/tc6.0.x/trunk/webapps/examples/jsp/source.jsp Wed Jun 13 19:01:19 
2007
@@ -17,4 +17,4 @@
 <%@ taglib uri="http://jakarta.apache.org/tomcat/examples-taglib";
         prefix="eg" %>
 
-<eg:ShowSource jspFile="<%= request.getQueryString() %>"/>
+<eg:ShowSource jspFile="<%= util.HTMLFilter.filter(request.getQueryString()) 
%>"/>
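Review bot: HTML-escaping a value that is then used as a file name is the wrong layer for this control. The filtered query string is passed to the ShowSource tag as `jspFile`, not written to the response, so the escaping only helps if the tag echoes the name back into its output; meanwhile any legitimate file name containing `&`, `<`, `>` or `"` is rewritten into entities and will no longer resolve. The checks that belong here are path checks inside the ShowSource handler (serving only the web application's own .jsp resources and rejecting `..` segments), with HTML escaping applied at the point where the tag writes the name into the page. If the intent is specifically to cover an error message that echoes the query string, a sentence in the log message saying so would help, since as written this hunk is easy to misread as a path-traversal fix.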
