slocumbf / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java
0 stars 0 forks source link

Investigate solutions fir Access Control Bypass issues with jsp tags #71

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
It is possible to access restricted resources and bypass access control on
those resources on pages that use the jsp forward and include tags.

Ref: https://lists.owasp.org/pipermail/owasp-esapi/2009-December/001672.html

Original issue reported on code.google.com by chrisisbeef on 5 Dec 2009 at 1:56

GoogleCodeExporter commented 9 years ago
Is there momentum to get this into 2.0? This seems like a low traffic bug and 
something that would be nice to have, but I don't think this is a requirement 
for 2.0

Original comment by chrisisbeef on 6 Nov 2010 at 8:20

GoogleCodeExporter commented 9 years ago

Original comment by manico.james@gmail.com on 19 Nov 2010 at 2:34

GoogleCodeExporter commented 9 years ago

Original comment by chrisisbeef on 20 Nov 2010 at 9:53

GoogleCodeExporter commented 9 years ago
Moved out of 2.0 release

Original comment by chris.sc...@owasp.org on 23 Mar 2011 at 4:33