
Revision 7bc4e357

ID: 7bc4e35752779bab0c51fc82387088d9217277ba

Added by Andreas Förthner almost 10 years ago

[SECURITY] Protect arguments of form __referrer with HMAC

The request arguments of the referring request are
a serialized string written to one of the hidden
fields in a Fluid form. This string has to be protected
by a HMAC to protect FLOW3 from possible unserialize
attacks.

Note: For now there is no object known within the FLOW3
Distribution, that could be used for an unserialize
exploit!

Change-Id: Ifecbeb12cd8266b891f0e0f93faf226454278c44
Security-Bulletin: FLOW3-SA-2012-001
Related: #35300
Releases: 1.0, 1.1
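
The pattern the commit message describes, as an added example that is not FLOW3's code and not part of this commit: the serialized arguments are authenticated with an HMAC when the form is rendered, and the HMAC is verified before `unserialize()` is ever called on the returned field. The function names, the choice of SHA-256, the base64 wrapping and the key handling are assumptions made for illustration; it needs PHP 7 or later.

```php
<?php
// Added illustration; function names and key handling are hypothetical, not FLOW3's API.
const HMAC_HEX_LENGTH = 64; // hex length of a SHA-256 HMAC

/** Serialize the arguments and append an HMAC so the hidden field is tamper-evident. */
function protectReferrerArguments(array $arguments, string $key): string
{
    $payload = base64_encode(serialize($arguments));
    return $payload . hash_hmac('sha256', $payload, $key);
}

/** Verify the HMAC first; only an authentic payload ever reaches unserialize(). */
function readReferrerArguments(string $field, string $key): array
{
    if (strlen($field) <= HMAC_HEX_LENGTH) {
        throw new InvalidArgumentException('Field too short to carry an HMAC.');
    }
    $payload = substr($field, 0, -HMAC_HEX_LENGTH);
    $mac = substr($field, -HMAC_HEX_LENGTH);
    // hash_equals() compares in constant time, so the check leaks no timing signal.
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $mac)) {
        throw new InvalidArgumentException('HMAC mismatch: field was modified.');
    }
    $decoded = base64_decode($payload, true);
    if ($decoded === false) {
        throw new InvalidArgumentException('Payload is not valid base64.');
    }
    // Defense in depth: refuse to instantiate any class during unserialize.
    $arguments = unserialize($decoded, ['allowed_classes' => false]);
    if (!is_array($arguments)) {
        throw new InvalidArgumentException('Payload is not an argument array.');
    }
    return $arguments;
}

// Constructed sample: a per-installation secret and one form round trip.
$key = random_bytes(32);
$field = protectReferrerArguments(['page' => 2, 'sort' => 'title'], $key);
var_dump(readReferrerArguments($field, $key) === ['page' => 2, 'sort' => 'title']);

// A field edited on the client is rejected before unserialize() runs.
$tampered = 'X' . substr($field, 1);
try {
    readReferrerArguments($tampered, $key);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

The key must stay server-side and be stable across requests, otherwise forms rendered before a key change fail verification on submit.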
