Closed
Bug 256348
Opened 20 years ago
Closed 19 years ago
possible security problem with text/html pages that redirect to outside pages
Categories
(Bugzilla :: Attachments & Requests, defect)
RESOLVED
WONTFIX
People
(Reporter: joshua.neveln, Assigned: myk)
Attachments (1 file): 112 bytes, text/html
User-Agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.7b) Gecko/20040514
Build Identifier: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.7b) Gecko/20040514
When an attachment of MIME Type text/html is added to a bug, it is displayed
when attachment.cgi is called with edit or view options. When that page
contains a redirect to a site outside of the bugzilla server, that page is
displayed instead.
This seems like it could be a security problem, but people with more knowledge
than me should determine that. It seems like more of a problem when the page
redirected to is a cgi.
An example of the type of file that is attached:
<html>
<head>
<meta http-equiv="refresh" content="0;URL=http://somesite.com/">
</head>
<body>
</body>
</html>
I'll try to add an attachment like this as well.
If this isn't a problem, please let me know, and I guess if it is a problem, let
me know sooner.
Thanks
Reproducible: Always
Steps to Reproduce:
1. add attachment as described above
2. edit attachment
Actual Results:
was redirected to external page
Expected Results:
The page was displayed.
Appears in both Mozilla and IE. Found this problem in Bugzilla 2.17.6. Seems
to still appear in 2.18rc2, but I have not had a chance to install that to
verify it.
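Added example, not Bugzilla's own code: a check an administrator could run over a text/html attachment before serving it inline, flagging meta-refresh targets that leave the serving host. The host bugzilla.example is a placeholder, and the sample attachment is reconstructed from the report above.

```python
"""Detect meta-refresh redirects to off-site targets in an HTML attachment."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class _MetaRefreshParser(HTMLParser):
    """Collect the target of every <meta http-equiv="refresh"> tag."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "meta":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        if a.get("http-equiv", "").strip().lower() != "refresh":
            return
        # content is "<seconds>;url=<target>"; browsers also accept the
        # target without the "url=" prefix, so handle both forms
        _, sep, rest = a.get("content", "").partition(";")
        if not sep:
            return  # plain "<seconds>" reload, no redirect target
        rest = rest.strip()
        if rest.lower().startswith("url="):
            rest = rest[4:].strip()
        self.targets.append(rest.strip("'\""))


def external_refresh_targets(html, served_from):
    """Return meta-refresh targets whose host differs from the serving host.

    served_from is the URL attachment.cgi serves the file under (placeholder
    host below); relative targets resolve against it and count as same-site.
    """
    p = _MetaRefreshParser()
    p.feed(html)
    host = urlparse(served_from).hostname
    return [t for t in p.targets
            if urlparse(urljoin(served_from, t)).hostname != host]


# Constructed sample: the forward.html described in the report.
FORWARD_HTML = """<html><head>
<meta http-equiv="refresh" content="0;URL=http://somesite.com/">
</head><body></body></html>"""

if __name__ == "__main__":
    print(external_refresh_targets(FORWARD_HTML, "https://bugzilla.example/attachment.cgi?id=1"))
```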
Reporter
Comment 1•20 years ago
Attaching an example file forward.html
Comment 2•20 years ago
next time, checkmark the security box for stuff like this... it mails a bunch of
extra people to get them hopping on it. :)
(not that this issue is exactly hopping, because it's a pain in the butt to fix
- see the bug I'm duping it to)
*** This bug has been marked as a duplicate of 38862 ***
Group: webtools-security
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Comment 3•20 years ago
Hmm, I take that back, reading this a little closer, this isn't actually the
same issue (but sort of related anyway).
I really don't know if there's much we can do about this... Jesse's probably
the guy to tell us what to do here.
Status: RESOLVED → UNCONFIRMED
Resolution: DUPLICATE → ---
Updated•20 years ago
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 4•19 years ago
Jesse: any thoughts?
Comment 5•19 years ago
I don't think redirecting attachments are a problem.
Comment 6•19 years ago
What's the status of this bug? Still a security bug? Still open?
Maybe the reporter wondered if it was possible for the called website to access
bugzilla cookies or to launch some script/SQL request on behalf of some bugzilla
user.
Comment 7•19 years ago
I don't think this is either a bug or a security bug - I agree with Jesse.
Suggest WONTFIX.
Gerv
Comment 8•19 years ago
Marking the bug as WONTFIX per comments 5 and 7, but leaving the security flag
for now. If you disagree, reopen the bug; otherwise remove the security flag.
Severity: major → normal
Status: NEW → RESOLVED
Closed: 20 years ago → 19 years ago
OS: SunOS → All
Hardware: Sun → All
Resolution: --- → WONTFIX
Version: unspecified → 2.17.6
Updated•19 years ago
Group: webtools-security
Updated•12 years ago
QA Contact: matty_is_a_geek → default-qa