Project

General

Profile

bug #9220

adapt dataportal to /registrationDTO now using identifier as query parameter and secure against CVE-2007-0450 vulnerability

Added by Andreas Kohlbecker 11 days ago. Updated 11 days ago.

Status:
Resolved
Priority:
Highest
Assignee:
Andreas Kohlbecker
Category:
cdm-dataportal
Target version:
Release 5.18
Start date:
09/07/2020
Due date:
% Done:

50%

Severity:
normal
Found in Version:
Tags:
security phycobank

Description

A)
the registration page must be secured against CVE-2007-0450 by using an identifier query parameter.

B)
after solving #9218: adapt dataportal to /registrationDTO & /registration now using identifier as query parameter

http://cdmserver.org/registrationDTO?identifier=http://testbank.org/100001
http://cdmserver.org/registration/status?identifier=http://testbank.org/100001

Related issues

Related to Edit - bug #9218: Change /registrationDTO/identifier/... signatures to use query parameters instead Resolved 09/07/2020
Related to Edit - task #9219: Revert: requests with %2F in URL are rejected by apache New 07/19/2018

Associated revisions

Revision bd15166b (diff)
Added by Andreas Kohlbecker 11 days ago

fix #9220 dataportal adapted to registration controllers now using identifier as query parameter

Revision aea2f0ea (diff)
Added by Andreas Kohlbecker 11 days ago

ref #9220 registratin page using query param 'identifier' to protect against CVE-2007-0450 vulnerability

History

#1 Updated by Andreas Kohlbecker 11 days ago

  • Related to bug #9218: Change /registrationDTO/identifier/... signatures to use query parameters instead added

#2 Updated by Andreas Kohlbecker 11 days ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 50

#3 Updated by Andreas Kohlbecker 11 days ago

  • Subject changed from adapt dataportal to /registrationDTO now using identifier as query parameter to adapt dataportal to /registrationDTO now using identifier as query parameter and secure against CVE-2007-0450 vulnerability
  • Description updated (diff)

#4 Updated by Andreas Kohlbecker 11 days ago

  • Related to task #9219: Revert: requests with %2F in URL are rejected by apache added

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 40 MB)