Message-ID: <50062A82.6080809@redhat.com>
Date: Tue, 17 Jul 2012 21:16:18 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE id request: libjs-swfupload

On 07/17/2012 01:46 PM, Nico Golde wrote:
> Hi,
> * Kurt Seifried <kseifried@...hat.com> [2012-07-17 21:43]:
> [...]
> Thanks for the ids!
>
>> Please use CVE-2012-3415 for the libjs-swfupload CSRF issue
>
> This should be plupload in case this has also been noted wrong in
> the CVE id description.
>
> Cheers
> Nico

Sorry, got a little bit cutty and pasty instead of typing. Correct:

Please use CVE-2012-3415 for the plupload CSRF issue

Vulnerability #2: CSRF in Plupload

The Plupload applet called Security.allowDomain('*') to allow the applet to be used from any domain (so it could be served from S3, for instance). That meant people could interact with the Plupload applet from any other site on the Internet by embedding it on a page and using JavaScript. But due to the way the same-origin policy works in Flash, the applet could still make requests back to the domain on which it was hosted. In addition, people can specify the full URL for an upload request via JavaScript and the result of that request (i.e. the HTML of the resulting page) is passed back via JavaScript to the embedding page.
-- 
Kurt Seifried
Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
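As an added illustration of the setting the advisory describes (this is not Plupload's code and not its actual fix), the following ActionScript 3 sketch places the weak `Security.allowDomain('*')` call next to a hardened alternative that also checks the JavaScript-supplied upload URL; the class name and the `TRUSTED_DOMAINS` list are assumptions.

```actionscript
package {
    import flash.display.Sprite;
    import flash.external.ExternalInterface;
    import flash.net.URLLoader;
    import flash.net.URLRequest;
    import flash.system.Security;

    // Hypothetical upload applet (assumed name), illustrating the
    // hardened counterpart of the Security.allowDomain('*') setting.
    public class UploadApplet extends Sprite {
        // Assumed build-time allow-list of the application's own pages.
        // The SWF itself may still be served from elsewhere (e.g. S3):
        // allowDomain only governs which embedding pages may script it.
        private static const TRUSTED_DOMAINS:Array = ["example.com", "www.example.com"];

        public function UploadApplet() {
            // Weak (the setting in the advisory): any page on the Internet
            // may embed and script this applet.
            //   Security.allowDomain("*");
            // Hardened: only the listed domains may script it.
            for each (var d:String in TRUSTED_DOMAINS) {
                Security.allowDomain(d);
            }
            ExternalInterface.addCallback("upload", upload);
        }

        // Host part of an http(s) URL, lower-cased; "" if not http(s).
        private static function hostOf(url:String):String {
            var m:Array = url.match(/^https?:\/\/([^\/:?#]+)/i);
            return m ? String(m[1]).toLowerCase() : "";
        }

        // Called from JavaScript with the upload target. Since the response
        // body is handed back to the embedding page, the target host is
        // checked against the allow-list before any request is made.
        public function upload(url:String):Boolean {
            if (TRUSTED_DOMAINS.indexOf(hostOf(url)) < 0) {
                return false; // refuse: target is not one of our own hosts
            }
            var loader:URLLoader = new URLLoader();
            loader.load(new URLRequest(url));
            return true;
        }
    }
}
```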