Actions
bug #9220
closedadapt dataportal to /registrationDTO now using identifier as query parameter and secure against CVE-2007-0450 vulnerability
Status:
Closed
Priority:
Highest
Assignee:
Category:
cdm-dataportal
Target version:
Start date:
Due date:
% Done:
100%
Estimated time:
Severity:
normal
Found in Version:
Description
A)
the registration page must be secured against CVE-2007-0450 by using an identifier query parameter.
B)
after solving #9218: adapt dataportal to /registrationDTO & /registration now using identifier as query parameter
http://cdmserver.org/registrationDTO?identifier=http://testbank.org/100001 http://cdmserver.org/registration/status?identifier=http://testbank.org/100001
Related issues
Updated by Andreas Kohlbecker about 2 years ago
- Related to bug #9218: Change /registrationDTO/identifier/... signatures to use query parameters instead added
Updated by Andreas Kohlbecker about 2 years ago
- Status changed from New to Resolved
- % Done changed from 0 to 50
Applied in changeset cdm-dataportal|bd15166b63c77d27c4d30e3d9b881fc6f776b9a2.
Updated by Andreas Kohlbecker about 2 years ago
- Subject changed from adapt dataportal to /registrationDTO now using identifier as query parameter to adapt dataportal to /registrationDTO now using identifier as query parameter and secure against CVE-2007-0450 vulnerability
- Description updated (diff)
Updated by Andreas Kohlbecker about 2 years ago
- Related to task #9219: Revert: requests with %2F in URL are rejected by apache added
Updated by Andreas Kohlbecker almost 2 years ago
- Status changed from Resolved to Closed
- % Done changed from 50 to 100
Updated by Andreas Kohlbecker almost 2 years ago
- Related to bug #9383: Adapt apache configuration to modified dataportal registration page URL pattern added
Actions