Investigate solutions fir Access Control Bypass issues with jsp tags #81
Comments
|
From chrisisbeef on November 06, 2010 01:20:56 Is there momentum to get this into 2.0? This seems like a low traffic bug and something that would be nice to have, but I don't think this is a requirement for 2.0 |
|
From manico.james@gmail.com on November 18, 2010 18:34:58 Labels: AccessControl |
|
From chrisisbeef on November 20, 2010 13:53:46 Labels: -AccessControl Component-AccessControl |
|
From chris.sc...@owasp.org on March 23, 2011 09:33:44 Moved out of 2.0 release Labels: -Priority-High -Milestone-Release2.0 Priority-Medium Milestone-Release2.1 |
This was referenced Nov 13, 2014
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
From chrisisbeef on December 04, 2009 20:56:45
It is possible to access restricted resources and bypass access control on
those resources on pages that use the jsp forward and include tags.
Ref: https://lists.owasp.org/pipermail/owasp-esapi/2009-December/001672.html
Original issue: http://code.google.com/p/owasp-esapi-java/issues/detail?id=71
The text was updated successfully, but these errors were encountered: