Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-14704

Impropper sanitisation of attachment filenames allows header injection

    XMLWordPrintable

Details

    Description

      An attacker can craft a specific attachment filename, or rename the file once it has been uploaded to introduce arbitrary headers into the response stream

      Attachments

        1. HeaderSanitisingFilter.class
          2 kB
          Andrew Lynch
        2. HeaderSanitisingResponseWrapper.class
          3 kB
          Andrew Lynch
        3. Picture 64.png
          37 kB
          David Cheney

        Activity

          People

            alynch Andrew Lynch (Inactive)
            dcheney David Cheney (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: