Project

General

Profile

bug #9220

adapt dataportal to /registrationDTO now using identifier as query parameter and secure against CVE-2007-0450 vulnerability

Added by Andreas Kohlbecker about 1 year ago. Updated 11 months ago.

Status:
Closed
Priority:
Highest
Assignee:
Andreas Kohlbecker
Category:
cdm-dataportal
Target version:
Release 5.18
Start date:
09/07/2020
Due date:
% Done:

100%

Severity:
normal
Found in Version:
Tags:
security phycobank

Description

A)
the registration page must be secured against CVE-2007-0450 by using an identifier query parameter.

B)
after solving #9218: adapt dataportal to /registrationDTO & /registration now using identifier as query parameter

http://cdmserver.org/registrationDTO?identifier=http://testbank.org/100001
http://cdmserver.org/registration/status?identifier=http://testbank.org/100001

Related issues

Related to Edit - bug #9218: Change /registrationDTO/identifier/... signatures to use query parameters instead Closed 09/07/2020
Related to Edit - task #9219: Revert: requests with %2F in URL are rejected by apache New 07/19/2018
Related to Edit - bug #9383: Adapt apache configuration to modified dataportal registration page URL pattern Closed 01/12/2021

Associated revisions

Revision bd15166b (diff)
Added by Andreas Kohlbecker about 1 year ago

fix #9220 dataportal adapted to registration controllers now using identifier as query parameter

Revision aea2f0ea (diff)
Added by Andreas Kohlbecker about 1 year ago

ref #9220 registratin page using query param 'identifier' to protect against CVE-2007-0450 vulnerability

Revision b6e9b53a (diff)
Added by Andreas Kohlbecker about 1 year ago

ref #9220 adapting link creation to new registration page URL schema

Revision 0fec6c2b (diff)
Added by Andreas Kohlbecker about 1 year ago

ref #9220 adapting link creation to new registration page URL schema - adapting test

History

#1 Updated by Andreas Kohlbecker about 1 year ago

  • Related to bug #9218: Change /registrationDTO/identifier/... signatures to use query parameters instead added

#2 Updated by Andreas Kohlbecker about 1 year ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 50

#3 Updated by Andreas Kohlbecker about 1 year ago

  • Subject changed from adapt dataportal to /registrationDTO now using identifier as query parameter to adapt dataportal to /registrationDTO now using identifier as query parameter and secure against CVE-2007-0450 vulnerability
  • Description updated (diff)

#4 Updated by Andreas Kohlbecker about 1 year ago

  • Related to task #9219: Revert: requests with %2F in URL are rejected by apache added

#5 Updated by Andreas Kohlbecker 11 months ago

  • Status changed from Resolved to Closed
  • % Done changed from 50 to 100

#6 Updated by Andreas Kohlbecker 10 months ago

  • Related to bug #9383: Adapt apache configuration to modified dataportal registration page URL pattern added

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 40 MB)