Projects
Eulaceura:Mainline:GA
tomcat
_service:obs_scm:CVE-2018-11784.patch
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:obs_scm:CVE-2018-11784.patch of Package tomcat
--- a/webapps/docs/changelog.xml 2018-06-20 13:35:40.000000000 -0400 +++ b/webapps/docs/changelog_1.xml 2019-06-24 08:35:44.801000000 -0400 @@ -164,6 +164,10 @@ the authenticated Subject to include at least one Principal of a type specified by <code>userClassNames</code>. (markt) </fix> + <fix> + When generating a redirect to a directory in the Default Servlet, avoid + generating a protocol relative redirect. (markt) + </fix> </changelog> </subsection> <subsection name="Coyote"> --- a/java/org/apache/catalina/servlets/DefaultServlet.java 2018-06-20 13:35:34.000000000 -0400 +++ b/java/org/apache/catalina/servlets/DefaultServlet_1.java 2019-06-24 08:40:08.699000000 -0400 @@ -1324,6 +1324,10 @@ public class DefaultServlet extends Http location.append('?'); location.append(request.getQueryString()); } + // Avoid protocol relative redirects + while (location.length() > 1 && location.charAt(1) == '/') { + location.deleteCharAt(0); + } response.sendRedirect(response.encodeRedirectURL(location.toString())); }
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2