SUSE:SLE-12-SP4:Update
File tomcat-8.0.53-CVE-2018-11784.patch of Package tomcat.28070
Index: java/org/apache/catalina/servlets/DefaultServlet.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- java/org/apache/catalina/servlets/DefaultServlet.java (date 1530283078000) +++ java/org/apache/catalina/servlets/DefaultServlet.java (date 1539554255000) @@ -1046,6 +1046,10 @@ location.append('?'); location.append(request.getQueryString()); } + // Avoid protocol relative redirects + while (location.length() > 1 && location.charAt(1) == '/') { + location.deleteCharAt(0); + } response.sendRedirect(response.encodeRedirectURL(location.toString())); } Index: webapps/docs/changelog.xml IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- webapps/docs/changelog.xml (date 1530283078000) +++ webapps/docs/changelog.xml (date 1539554256000) @@ -591,6 +591,10 @@ <bug>61999</bug>: maxSavePostSize set to 0 should disable saving POST data during authentication. (remm) </fix> + <fix> + When generating a redirect to a directory in the Default Servlet, avoid + generating a protocol relative redirect. (markt) + </fix> </changelog> </subsection> <subsection name="Coyote">
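Review bot: in the DefaultServlet.java hunk, the loop condition tests only `location.charAt(1) == '/'` and then deletes index 0 without checking that index 0 is itself a '/'. If `location` could ever start with a different character followed by a slash, that character would be silently dropped. Either add `location.charAt(0) == '/'` to the condition or extend the comment to state that `location` always begins with '/' at this point. The patch touches only DefaultServlet.java and changelog.xml, so a regression test that requests a directory through a path with several leading slashes and asserts that the Location header starts with exactly one '/' would be worth adding alongside it.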
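Review bot: in the changelog.xml hunk, the new `<fix>` entry has no identifier, while the entry just above it opens with `<bug>61999</bug>`. The patch file is named for CVE-2018-11784, so consider naming that CVE in the entry text so that someone reading the changelog can tie the protocol-relative redirect fix to the advisory and confirm that a given build contains it.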