Opened 11 years ago
Closed 11 years ago
#3034 closed defect (fixed)
XSS vulnerability in ffserver
Reported by: | Anatoliy | Owned by: | |
---|---|---|---|
Priority: | normal | Component: | ffserver |
Version: | git-master | Keywords: | |
Cc: | | Blocked By: | |
Blocking: | | Reproduced by developer: | yes |
Analyzed by developer: | no | | |
Description
Summary of the bug:
How to reproduce:
% curl 'http://myserver/1ssssssss<h1 >'
Output:
<html> <head><title>404 Not Found</title></head> <body>File '/1ssssssss<h1>' not found</body> </html>
Special HTML characters need to be escaped.
More about XSS:
http://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
Change History (1)
comment:1 by , 11 years ago
Reproduced by developer: | set |
---|---|
Resolution: | → fixed |
Status: | new → closed |
Fixed in 885739f3b4ca3fb60abf417120845e3fcfb99b53
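The escaping the report asks for, as an added example: this is not the code from the commit above and not ffserver's own code. The names `html_escape` and `build_404_body` and the 1024-byte buffer are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Escape the HTML-significant characters of src into dst (dstsz bytes).
 * Returns the escaped length, or -1 if dst is too small. */
static int html_escape(char *dst, size_t dstsz, const char *src)
{
    size_t n = 0;
    if (dstsz == 0)
        return -1;
    for (; *src; src++) {
        const char *rep = NULL;
        switch (*src) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        size_t len = rep ? strlen(rep) : 1;
        if (n + len >= dstsz) {          /* keep room for the terminator */
            dst[n] = '\0';
            return -1;
        }
        memcpy(dst + n, rep ? rep : src, len);
        n += len;
    }
    dst[n] = '\0';
    return (int)n;
}

/* Hypothetical 404 body builder: the path is escaped before it is embedded. */
static int build_404_body(char *out, size_t outsz, const char *path)
{
    char esc[1024];
    if (html_escape(esc, sizeof(esc), path) < 0)
        return -1;                       /* oversized path: send a fixed body */
    int n = snprintf(out, outsz, "<body>File '%s' not found</body>", esc);
    return (n < 0 || (size_t)n >= outsz) ? -1 : n;
}

int main(void)
{
    char body[2048];
    /* Constructed input: the path from the ticket's curl request. */
    if (build_404_body(body, sizeof(body), "/1ssssssss<h1 >") > 0)
        puts(body);
    return 0;
}
```

With the path escaped, the browser renders the `<h1 >` from the request as literal text instead of parsing it as markup.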