oss-sec mailing list archives

CVE Request -- Qt (x < 4.8.4): QML XmlHttpRequest insecure redirection

From: Jan Lieskovsky <jlieskov () redhat com>
Date: Tue, 4 Dec 2012 09:58:26 -0500 (EST)

Hello Kurt, Steve, vendors,

  Qt upstream has released 4.8.4 version correcting one security
issue:

An information disclosure flaw was found in the way XMLHttpRequest
object implementation in Qt, a software toolkit for developing
applications, performed management of certain HTTP responses.
Previous implementation allowed redirection from HTTP protocol
to file schemas. Also the redirection handling was performed
automatically by QML application and could not be disabled.
A remote attacker could use this flaw to cause QML application
in an unauthorized way to read local file content by causing
the HTTP response for the application to be a redirect to
a file: URL (file scheme).

References:
[1] http://lists.qt-project.org/pipermail/announce/2012-November/000014.html
[2] https://bugzilla.redhat.com/show_bug.cgi?id=883415

Relevant upstream patch:
[3] https://codereview.qt-project.org/#change,40034

Could you allocate a CVE id for this?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Current thread:

CVE Request -- Qt (x < 4.8.4): QML XmlHttpRequest insecure redirection Jan Lieskovsky (Dec 04)
- Re: CVE Request -- Qt (x < 4.8.4): QML XmlHttpRequest insecure redirection Kurt Seifried (Dec 04)