
Revision 73901980

ID 73901980bb1c224f50cf7f790bba3379c2373ee5

Added by Andreas Förthner over 9 years ago

[SECURITY] Protect arguments of form __referrer with HMAC

The request arguments of the referring request are
a serialized string written to one of the hidden
fields in a Fluid form. This string has to be protected
by a HMAC to protect FLOW3 from possible unserialize
attacks.

Note: For now there is no object known within the FLOW3
Distribution, that could be used for an unserialize
exploit!

Change-Id: Ifecbeb12cd8266b891f0e0f93faf226454278c44
Security-Bulletin: FLOW3-SA-2012-001
Related: #35300
Releases: 1.0, 1.1
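
The protection described in the commit message above, as an added example that is not FLOW3's own code: a serialized argument string is bound to an HMAC before it goes into a hidden field, and the HMAC is checked before anything is unserialized. The function names, the HMAC-SHA256 choice, the "payload followed by hex tag" layout and the key handling are assumptions made for this illustration.

```php
<?php
// Added illustration, not FLOW3 code. Names, key handling and the
// "base64 payload + hex HMAC" field layout are assumptions.
const TAG_LENGTH = 64; // hex length of an HMAC-SHA256 tag

function protectArguments(array $arguments, string $key): string
{
    $payload = base64_encode(serialize($arguments));
    return $payload . hash_hmac('sha256', $payload, $key);
}

function restoreArguments(string $fieldValue, string $key): array
{
    if (strlen($fieldValue) <= TAG_LENGTH) {
        throw new InvalidArgumentException('Field too short to carry an HMAC');
    }
    $payload = substr($fieldValue, 0, -TAG_LENGTH);
    $tag = substr($fieldValue, -TAG_LENGTH);
    // Constant-time check that runs BEFORE unserialize() sees any client data.
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $tag)) {
        throw new InvalidArgumentException('HMAC mismatch, field was modified');
    }
    $decoded = base64_decode($payload, true);
    // allowed_classes => false is extra hardening added here: even a validly
    // signed payload cannot instantiate objects.
    $arguments = $decoded === false
        ? false
        : unserialize($decoded, ['allowed_classes' => false]);
    if (!is_array($arguments)) {
        throw new InvalidArgumentException('Payload is not an argument array');
    }
    return $arguments;
}

// Constructed sample data: a server-side key and referrer-style arguments.
$key = random_bytes(32);
$field = protectArguments(['page' => 2, 'filter' => ['status' => 'open']], $key);
var_dump(restoreArguments($field, $key));

// A field altered on the client fails verification and is never unserialized.
$tampered = 'X' . substr($field, 1);
try {
    restoreArguments($tampered, $key);
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), PHP_EOL;
}
```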
