Hostname checking in httpsession (!216) · Merge Requests · Codecrew / Moya

Hostname checking in httpsession

Credentials are checked per session and hostname is checked per request. This can be abused to escalate privileges from one event to another by copying JSESSIONID-cookie from hostname to another

Edited Jan 11, 2015

Request to merge tuomari:hostnamefix into master

Discussion 0
Commits 1
Changes 1
{{ resolvedDiscussionCount }}/{{ discussionCount }} {{ resolvedCountText }} resolved

Juho Juopperi @jkj
mentioned in commit b1c2c9b5
Jan 11, 2015

mentioned in commit b1c2c9b5

Toggle commit list

Please register or sign in to post a comment

Hostname checking in httpsession

Merged