File apache-tomcat-CVE-2010-4172.patch of Package libtcnative-1-0
Index: tomcat6-6.0.20/apache-tomcat-6.0.20-src/java/org/apache/catalina/manager/JspHelper.java
===================================================================
--- tomcat6-6.0.20.orig/apache-tomcat-6.0.20-src/java/org/apache/catalina/manager/JspHelper.java 2008-07-22 02:01:28.000000000 +0200
+++ tomcat6-6.0.20/apache-tomcat-6.0.20-src/java/org/apache/catalina/manager/JspHelper.java 2010-11-23 15:16:54.729355741 +0100
@@ -58,7 +58,7 @@ }
 private static String localeToString(Locale locale) {
 if (locale != null) {
- return locale.toString();//locale.getDisplayName();
+ return escapeXml(locale.toString());//locale.getDisplayName();
 } else {
 return "";
 }
Index: tomcat6-6.0.20/apache-tomcat-6.0.20-src/webapps/docs/changelog.xml
===================================================================
--- tomcat6-6.0.20.orig/apache-tomcat-6.0.20-src/webapps/docs/changelog.xml 2010-11-23 15:06:21.000000000 +0100
+++ tomcat6-6.0.20/apache-tomcat-6.0.20-src/webapps/docs/changelog.xml 2010-11-23 15:16:54.729355741 +0100
@@ -341,6 +341,9 @@ <bug>44968</bug>: Provide more information when the load of a keystore fails. (markt)
 </fix>
+ <fix>
+ CVE-2010-4172: Multiple XSS in Manager application. (markt/kkolinko)
+ </fix>
 </changelog>
 </subsection>
 <subsection name="Jasper">
Index: tomcat6-6.0.20/apache-tomcat-6.0.20-src/webapps/manager/sessionDetail.jsp
===================================================================
--- tomcat6-6.0.20.orig/apache-tomcat-6.0.20-src/webapps/manager/sessionDetail.jsp 2008-07-22 02:01:58.000000000 +0200
+++ tomcat6-6.0.20/apache-tomcat-6.0.20-src/webapps/manager/sessionDetail.jsp 2010-11-23 15:19:39.014160985 +0100
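Review bot: The escaping added to `localeToString` changes what every caller receives, but nothing in the signature or a comment records that the returned string is already HTML-escaped, so a caller that wraps it in `escapeXml` again will show `&amp;lt;`-style artefacts and one that needs the raw locale name has no way to get it. A Javadoc line on the method, `/** Returns the locale's name, already passed through escapeXml(); callers emit it as-is and must not escape it again. */`, makes the contract visible where it is enforced. Escaping here is presumably justified because the Locale originates in session data (not visible in this hunk), so the concern is discoverability rather than the fix itself. The stale `//locale.getDisplayName();` tail on the changed line predates this change and could be dropped while the line is being touched. The method's closing brace lies outside the hunk.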
@@ -30,8 +30,10 @@ <%
 String path = (String) request.getAttribute("path");
 Session currentSession = (Session)request.getAttribute("currentSession");
 HttpSession currentHttpSession = currentSession.getSession();
- String currentSessionId = currentSession.getId();
- String submitUrl = ((HttpServletRequest)pageContext.getRequest()).getRequestURL().toString();
+ String currentSessionId = JspHelper.escapeXml(currentSession.getId());
+ String submitUrl = JspHelper.escapeXml(response.encodeURL(
+ ((HttpServletRequest) pageContext.getRequest()).getRequestURI()
+ + "?path=" + path));
 %>
 <head>
 <meta http-equiv="content-type" content="text/html; charset=iso-8859-1"/>
@@ -45,7 +47,7 @@ <title>Sessions Administration: details for <%= currentSessionId %></title>
 </head>
 <body>
-<h1>Details for Session <%= JspHelper.escapeXml(currentSessionId) %></h1>
+<h1>Details for Session <%= currentSessionId %></h1>
 <table style="text-align: left;" border="0">
 <tr>
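Review bot: In the `@@ -30,8 +30,10 @@` hunk `path` goes into the query string raw (`"?path=" + path`); `escapeXml` covers the HTML attribute context but not the URL context, so a path holding `&`, `#` or `%` would be split or mis-decoded when the form comes back, and `java.net.URLEncoder.encode(path, "UTF-8")` applied before concatenation (likewise in the `@@ -26,7 +26,9 @@` hunk of sessionsList.jsp) keeps the two encodings separate. Whether a context path can carry such characters depends on how the servlet populates the `path` attribute, which is not visible here. Separately, `currentSessionId` and `submitUrl` now hold HTML-escaped text under plain names, which is why the `@@ -45,7 +47,7 @@` hunk drops its `escapeXml` call; a Java comment on those assignments, `// already HTML-escaped: emit as-is, never re-escape or reuse as a raw value`, would stop a later edit from double-escaping them or feeding them to a non-HTML sink.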
@@ -120,7 +122,7 @@ String attributeName = (String) attributeNamesEnumeration.nextElement();
 %>
 <tr>
- <td align="center"><form action="<%= submitUrl %>"><div><input type="hidden" name="path" value="<%= path %>" /><input type="hidden" name="action" value="removeSessionAttribute" /><input type="hidden" name="sessionId" value="<%= currentSessionId %>" /><input type="hidden" name="attributeName" value="<%= attributeName %>" /><input type="submit" value="Remove" /></div></form></td>
+ <td align="center"><form action="<%= submitUrl %>"><div><input type="hidden" name="action" value="removeSessionAttribute" /><input type="hidden" name="sessionId" value="<%= currentSessionId %>" /><input type="hidden" name="attributeName" value="<%= attributeName %>" /><input type="submit" value="Remove" /></div></form></td>
 <td><%= JspHelper.escapeXml(attributeName) %></td>
 <td><% Object attributeValue = currentHttpSession.getAttribute(attributeName); %><span title="<%= attributeValue == null ? "" : attributeValue.getClass().toString() %>"><%= JspHelper.escapeXml(attributeValue) %></span></td>
 </tr>
Index: tomcat6-6.0.20/apache-tomcat-6.0.20-src/webapps/manager/sessionsList.jsp
===================================================================
--- tomcat6-6.0.20.orig/apache-tomcat-6.0.20-src/webapps/manager/sessionsList.jsp 2008-07-22 02:01:58.000000000 +0200
+++ tomcat6-6.0.20/apache-tomcat-6.0.20-src/webapps/manager/sessionsList.jsp 2010-11-23 15:21:48.963454582 +0100
@@ -26,7 +26,9 @@ <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
 <%
 String path = (String) request.getAttribute("path");
- String submitUrl = ((HttpServletRequest)pageContext.getRequest()).getRequestURL().append("?path=").append(path).toString();
+ String submitUrl = JspHelper.escapeXml(response.encodeURL(
+ ((HttpServletRequest) pageContext.getRequest()).getRequestURI()
+ + "?path=" + path));
 Collection activeSessions = (Collection) request.getAttribute("activeSessions");
 %>
 <head>
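Review bot: The `<form>` in the `@@ -120,7 +122,7 @@` hunk of sessionDetail.jsp has no `method` attribute, so it submits with GET, and on a GET submission browsers replace the action URL's query string with the form fields; because this hunk removes the hidden `path` input and relies on the `?path=` now carried inside `submitUrl`, the removeSessionAttribute request would reach the servlet without its `path` parameter. The sessionsList.jsp form in this same patch already uses `method="post"`, which leaves the action's query string intact, so the one-line fix is `<td align="center"><form action="<%= submitUrl %>" method="post"><div>` on the changed line (or restoring the hidden `path` input with the escaped value). POST is also the more appropriate verb for a state-changing action such as removing a session attribute. The enclosing attribute-name loop starts and ends outside the hunk.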
@@ -38,10 +40,10 @@ <meta name="author" content="Cedrik LIME"/>
 <meta name="copyright" content="copyright 2005-2007 the Apache Software Foundation"/>
 <meta name="robots" content="noindex,nofollow,noarchive"/>
- <title>Sessions Administration for <%= path %></title>
+ <title>Sessions Administration for <%= JspHelper.escapeXml(path) %></title>
 </head>
 <body>
-<h1>Sessions Administration for <%= path %></h1>
+<h1>Sessions Administration for <%= JspHelper.escapeXml(path) %></h1>
 <p>Tips:</p>
 <ul>
@@ -55,13 +57,13 @@ <form action="<%= submitUrl %>" method="post" id="sessionsForm">
 <fieldset><legend>Active HttpSessions informations</legend>
 <input type="hidden" name="action" id="sessionsFormAction" value="injectSessions"/>
- <input type="hidden" name="sort" id="sessionsFormSort" value="<%= (String) request.getAttribute("sort") %>"/>
+ <input type="hidden" name="sort" id="sessionsFormSort" value="<%= JspHelper.escapeXml(request.getAttribute("sort")) %>"/>
 <%
 String order = (String) request.getAttribute("order");
 if (order == null || "".equals(order)) {
 order = "ASC";
 }
 %>
- <input type="hidden" name="order" id="sessionsFormSortOrder" value="<%= order %>"/>
+ <input type="hidden" name="order" id="sessionsFormSortOrder" value="<%= JspHelper.escapeXml(order) %>"/>
 <input type="submit" name="refresh" id="refreshButton" value="Refresh Sessions list" onclick="document.getElementById('sessionsFormAction').value='refreshSessions'; return true;"/>
 <%= JspHelper.formatNumber(activeSessions.size()) %> active Sessions<br/>
 <table border="1" cellpadding="2" cellspacing="2" width="100%">
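Review bot: In the `@@ -55,13 +57,13 @@` hunk `order` is only defaulted when null or empty and is otherwise reflected as received; escaping now makes that safe for the page, but if the servlet only honours `ASC`/`DESC` (its handling is not visible here), normalising to those two tokens, `if (!"DESC".equals(order)) { order = "ASC"; }`, would validate the value as well as escape it. A style point across both hunks on this line: `path` is escaped at each output site, while `submitUrl` and `currentSessionId` are escaped once at assignment, so a reader has to check each expression to know whether it is already safe; a short comment near the top of the file stating which variables are pre-escaped would make the page auditable at a glance. The `@@ -38,10 +40,10 @@` hunk needs nothing beyond that.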
@@ -95,11 +97,11 @@ <%
 Iterator iter = activeSessions.iterator();
 while (iter.hasNext()) {
 Session currentSession = (Session) iter.next();
- String currentSessionId = currentSession.getId();
+ String currentSessionId = JspHelper.escapeXml(currentSession.getId());
 %>
 <tr>
 <td>
-<input type="checkbox" name="sessionIds" value="<%= currentSessionId %>" /><a href="<%= submitUrl %>&action=sessionDetail&sessionId=<%= currentSessionId %>" target="_new"><%= JspHelper.escapeXml(currentSessionId) %></a>
+<input type="checkbox" name="sessionIds" value="<%= currentSessionId %>" /><a href="<%= submitUrl %>&action=sessionDetail&sessionId=<%= currentSessionId %>" target="_new"><%= currentSessionId %></a>
 </td>
 <td style="text-align: center;"><%= JspHelper.guessDisplayLocaleFromSession(currentSession) %></td>
 <td style="text-align: center;"><%= JspHelper.guessDisplayUserFromSession(currentSession) %></td>
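Review bot: In the `@@ -95,11 +97,11 @@` hunk the link keeps raw `&` separators, `&action=sessionDetail&sessionId=`, inside an attribute of a document that declares the XHTML namespace, so the changed line should read `&amp;action=sessionDetail&amp;sessionId=<%= currentSessionId %>` for the markup to be well-formed; `submitUrl` on the same line is already run through `escapeXml`, so the two styles are mixed on one line. The escaped `currentSessionId` is also placed in the URL query without URL encoding, which is harmless while session ids are the generator's alphanumeric tokens, but the generator is not visible here. `target="_new"` is not a reserved target keyword; `_blank` is presumably what is intended. The enclosing `while` loop closes outside the hunk.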