Investigate solutions fir Access Control Bypass issues with jsp tags

batchu / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java

0 stars 0 forks source link

Investigate solutions fir Access Control Bypass issues with jsp tags #71

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago

It is possible to access restricted resources and bypass access control on
those resources on pages that use the jsp forward and include tags.

Ref: https://lists.owasp.org/pipermail/owasp-esapi/2009-December/001672.html

Original issue reported on code.google.com by chrisisbeef on 5 Dec 2009 at 1:56

GoogleCodeExporter commented 8 years ago

Is there momentum to get this into 2.0? This seems like a low traffic bug and 
something that would be nice to have, but I don't think this is a requirement 
for 2.0

Original comment by chrisisbeef on 6 Nov 2010 at 8:20

GoogleCodeExporter commented 8 years ago

Original comment by manico.james@gmail.com on 19 Nov 2010 at 2:34

Added labels: AccessControl

GoogleCodeExporter commented 8 years ago

Original comment by chrisisbeef on 20 Nov 2010 at 9:53

Added labels: Component-AccessControl
Removed labels: AccessControl

GoogleCodeExporter commented 8 years ago

Moved out of 2.0 release

Original comment by chris.sc...@owasp.org on 23 Mar 2011 at 4:33

Added labels: Milestone-Release2.1, Priority-Medium
Removed labels: Milestone-Release2.0, Priority-High