Opened 6 years ago

Closed 6 years ago

#3034 closed defect (fixed)

XSS vulnerability in ffserver

Reported by: tborisow Owned by:
Priority: normal Component: ffserver
Version: git-master Keywords:
Cc: Blocked By:
Blocking: Reproduced by developer: yes
Analyzed by developer: no

Description

Summary of the bug:
How to reproduce:

% curl 'http://myserver/1ssssssss<h1 >'

Output:

<html>
<head><title>404 Not Found</title></head>
<body>File '/1ssssssss<h1>' not found</body>
</html>

Special HTML characters needs to be escaped

More about XSS:

http://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet

Change History (1)

comment:1 Changed 6 years ago by michael

  • Reproduced by developer set
  • Resolution set to fixed
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.