File tomcat-7.0.90-CVE-2018-11784.patch of Package tomcat.7194
From b76e1dfb3dec3789cc700f8d022c872eb947a221 Mon Sep 17 00:00:00 2001 From: Mark Thomas <markt@apache.org> Date: Tue, 4 Sep 2018 18:22:03 +0000 Subject: [PATCH] When generating a redirect to a directory in the Default Servlet, avoid generating a protocol relative redirect. git-svn-id: https://svn.apache.org/repos/asf/tomcat/tc7.0.x/trunk@1840057 13f79535-47bb-0310-9956-ffa450edef68 --- java/org/apache/catalina/servlets/DefaultServlet.java | 4 ++++ webapps/docs/changelog.xml | 4 ++++ 2 files changed, 8 insertions(+) Index: apache-tomcat-7.0.90-src/java/org/apache/catalina/servlets/DefaultServlet.java =================================================================== --- apache-tomcat-7.0.90-src.orig/java/org/apache/catalina/servlets/DefaultServlet.java +++ apache-tomcat-7.0.90-src/java/org/apache/catalina/servlets/DefaultServlet.java @@ -1106,6 +1106,10 @@ public class DefaultServlet location.append('?'); location.append(request.getQueryString()); } + // Avoid protocol relative redirects + while (location.length() > 1 && location.charAt(1) == '/') { + location.deleteCharAt(0); + } response.sendRedirect(response.encodeRedirectURL(location.toString())); } Index: apache-tomcat-7.0.90-src/webapps/docs/changelog.xml =================================================================== --- apache-tomcat-7.0.90-src.orig/webapps/docs/changelog.xml +++ apache-tomcat-7.0.90-src/webapps/docs/changelog.xml @@ -135,6 +135,10 @@ <code>Expires</code> header as required by HTTP specification (RFC 7231, 7234). (kkolinko) </fix> + <fix> + When generating a redirect to a directory in the Default Servlet, avoid + generating a protocol relative redirect. (markt) + </fix> </changelog> </subsection> <subsection name="Coyote">
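Review bot: The added `while` loop in DefaultServlet.java tests only `location.charAt(1) == '/'` before calling `location.deleteCharAt(0)`, so it relies on the first character already being `/`, and nothing in the hunk shows that invariant. Consider also checking `location.charAt(0) == '/'`, or stating the assumption in the comment. The comment `// Avoid protocol relative redirects` would also be more useful if it said why: a Location value that begins with `//` is resolved by the client as a host name rather than a path, so the redirect can leave the site. The diffstat lists only DefaultServlet.java and changelog.xml; a regression test asserting that the generated redirect never starts with `//` would keep the fix from being undone later.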