oss-sec mailing list archives
Re: Fwd: [SECURITY] CVE-2018-1304 Security constraints mapped to context root are ignored
From: Doran Moppert <dmoppert () redhat com>
Date: Fri, 23 Feb 2018 14:59:49 +1030
On Feb 23 2018, Mark Thomas wrote:
> CVE-2018-1304 Security constraints mapped to context root are ignored
>
> Mitigation:
> Users of the affected versions should apply one of the following
> mitigations:
> - Review security constraints and confirm none use a URL pattern of ""
>   (the empty string)

Will a URL pattern of "/" correctly protect the context root of vulnerable versions? If so, this seems worth mentioning.

--
Doran Moppert
Red Hat Product Security
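
An added example, not part of the original message or of the Tomcat advisory: one way to carry out the quoted mitigation step of reviewing security constraints for a URL pattern of "" in a deployment descriptor. The sample `web.xml`, the function names, and the choice to treat a whitespace-only pattern as empty are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample deployment descriptor (not taken from the advisory).
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>root-only</web-resource-name>
      <url-pattern></url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin-area</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
</web-app>
"""


def local(tag):
    """Drop the XML namespace so descriptors of any schema version compare alike."""
    return tag.rsplit("}", 1)[-1]


def children(elem, name):
    """Direct children of elem whose local tag name equals name."""
    return [c for c in elem if local(c.tag) == name]


def empty_pattern_constraints(web_xml_text):
    """Return the web-resource-name of every collection with a "" url-pattern."""
    root = ET.fromstring(web_xml_text)
    hits = []
    for constraint in (e for e in root.iter() if local(e.tag) == "security-constraint"):
        for coll in children(constraint, "web-resource-collection"):
            names = [(n.text or "").strip() for n in children(coll, "web-resource-name")]
            # Assumption: a whitespace-only pattern is flagged for review as well.
            patterns = [(p.text or "").strip() for p in children(coll, "url-pattern")]
            if "" in patterns:
                hits.append(names[0] if names and names[0] else "(unnamed)")
    return hits


if __name__ == "__main__":
    for name in empty_pattern_constraints(SAMPLE_WEB_XML):
        print(f'security-constraint "{name}" uses url-pattern ""; review per CVE-2018-1304')
```

The check covers `web.xml` only; constraints declared through annotations or programmatically need a separate review.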
Current thread:
- Fwd: [SECURITY] CVE-2018-1304 Security constraints mapped to context root are ignored Mark Thomas (Feb 22)
- Re: Fwd: [SECURITY] CVE-2018-1304 Security constraints mapped to context root are ignored Doran Moppert (Feb 22)