
Revision dc464504

ID dc46450431cf55667da03bfdd9c624291479d953

Added by Andreas Förthner over 9 years ago

[SECURITY] Protect arguments of form __referrer with HMAC

The request arguments of the referring request are
a serialized string written to one of the hidden
fields in a Fluid form. This string has to be protected
by a HMAC to protect FLOW3 from possible unserialize
attacks.

Note: For now there is no object known within the FLOW3
Distribution, that could be used for an unserialize
exploit!

Change-Id: I329f75052d2732f1baf4d26f6fd70cd9d009a65e
Security-Bulletin: FLOW3-SA-2012-001
Fixes: #35300
Releases: 1.0, 1.1
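
The scheme the commit message describes, sketched as an added PHP example that is not FLOW3's code and not part of this commit: the serialized arguments are signed when the hidden field is written, and the HMAC is verified before the value reaches `unserialize()`. The function names, the key and the argument values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper names; not the FLOW3 API.
const HMAC_ALGO = 'sha256';
const HMAC_HEX_LENGTH = 64; // hex length of a SHA-256 digest

/** Serialize the arguments and append an HMAC computed over the encoded payload. */
function protectArguments(array $arguments, string $key): string
{
    $payload = base64_encode(serialize($arguments));
    return $payload . hash_hmac(HMAC_ALGO, $payload, $key);
}

/** Verify the HMAC first; only an authentic payload is passed to unserialize(). */
function restoreArguments(string $fieldValue, string $key): array
{
    if (strlen($fieldValue) <= HMAC_HEX_LENGTH) {
        throw new InvalidArgumentException('Field value too short to contain an HMAC');
    }
    $payload = substr($fieldValue, 0, -HMAC_HEX_LENGTH);
    $givenMac = substr($fieldValue, -HMAC_HEX_LENGTH);
    $expectedMac = hash_hmac(HMAC_ALGO, $payload, $key);

    // hash_equals() compares in constant time, so the check leaks no timing signal.
    if (!hash_equals($expectedMac, $givenMac)) {
        throw new RuntimeException('HMAC mismatch: field value was modified');
    }
    // Defense in depth: refuse to instantiate objects even from a signed payload.
    $arguments = unserialize((string)base64_decode($payload, true), ['allowed_classes' => false]);
    if (!is_array($arguments)) {
        throw new RuntimeException('Unexpected payload type');
    }
    return $arguments;
}

// Constructed sample key and arguments.
$key = 'constructed-sample-key';
$field = protectArguments(['action' => 'edit', 'controller' => 'Post'], $key);
var_dump(restoreArguments($field, $key));

// A client that swaps the payload but cannot recompute the HMAC is rejected.
$tampered = base64_encode(serialize(['action' => 'delete'])) . substr($field, -HMAC_HEX_LENGTH);
try {
    restoreArguments($tampered, $key);
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

The key must stay server-side; a key that reaches the client lets it sign arbitrary payloads.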
