Opened 11 months ago

Closed 11 months ago

Last modified 11 months ago

#30070 closed Bug (fixed)

Content spoofing possiblity in default 404 page

Reported by: tasn Owned by: nobody
Component: Core (Other) Version: 1.11
Severity: Release blocker Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: yes
Easy pickings: no UI/UX: no

Description

A maliciously crafted URL can be reflected back to the user so that the user sees a 404 page with the attacker's content that may be interpreted as originating from the trusted site.

PR with details.

Change History (5)

comment:1 Changed 11 months ago by Tim Graham <timograham@…>

Resolution: fixed
Status: newclosed

In 1ecc0a39:

Fixed #30070, CVE-2019-3498 -- Fixed content spoofing possiblity in the default 404 page.

Co-Authored-By: Tim Graham <timograham@…>

comment:2 Changed 11 months ago by Tim Graham <timograham@…>

In 64d2396e:

[2.1.x] Fixed #30070, CVE-2019-3498 -- Fixed content spoofing possiblity in the default 404 page.

Co-Authored-By: Tim Graham <timograham@…>
Backport of 1ecc0a395be721e987e8e9fdfadde952b6dee1c7 from master.

comment:3 Changed 11 months ago by Tim Graham <timograham@…>

In 1cd00fc:

[1.11.x] Fixed #30070, CVE-2019-3498 -- Fixed content spoofing possiblity in the default 404 page.

Co-Authored-By: Tim Graham <timograham@…>
Backport of 1ecc0a395be721e987e8e9fdfadde952b6dee1c7 from master.

comment:4 Changed 11 months ago by Tim Graham <timograham@…>

In 9f4ed7c9:

[2.0.x] Fixed #30070, CVE-2019-3498 -- Fixed content spoofing possiblity in the default 404 page.

Co-Authored-By: Tim Graham <timograham@…>
Backport of 1ecc0a395be721e987e8e9fdfadde952b6dee1c7 from master.

comment:5 Changed 11 months ago by Chris Lamb

If it helps anyone, https://gist.github.com/lamby/0a816cfddfd3824bc42093a37ef9cd41/raw is a version for 1.7.11 (out of LTS support).

Note: See TracTickets for help on using tickets.
Back to Top