| Key: |
UP-1637
|
| Type: |
Bug
|
| Status: |
Open
|
| Priority: |
Major
|
| Assignee: |
Unassigned
|
| Reporter: |
Simon Carter
|
| Votes: |
0
|
| Watchers: |
0
|
|
If you were logged in you would be able to see more operations.
|
|
|
uPortal
Created: 21/Feb/07 07:36 AM
Updated: 21/Feb/07 07:36 AM
|
|
| Component/s: |
Permissions
|
| Affects Version/s: |
2.2.1,
2.3,
2.3.1,
2.3.2,
2.3.3,
2.3.4,
2.3.5,
2.4,
2.4.1,
2.4.2,
2.5.0 M1,
2.5.1 RC1,
2.5.0 RC1,
2.5.0 RC3,
2.5.0 RC2,
2.5.0 GA,
2.5.1 RC2,
2.5.2 RC1,
2.4.4,
2.4.3,
2.5.1 RC3,
2.5.1 GA,
2.4.3.1,
2.5.3 RC1,
2.5.2 GA,
2.5.3 RC2,
2.5.3 RC3,
2.5.3 GA
|
| Fix Version/s: |
None
|
|
|
Original Estimate:
|
Unknown
|
Remaining Estimate:
|
Unknown
|
Time Spent:
|
Unknown
|
|
Environment:
|
Tomcat 5.0.28
Java 1.4
uPortal 2.4.2
Tomcat 5.0.28
Java 1.4
uPortal 2.4.2
|
|
|
When cookies are disabled LoginServlet.java appears to be responsible for creating a redirect loop. This then creates a new user session for each redirect that could be used to create a DoS.
|
|
Description
|
When cookies are disabled LoginServlet.java appears to be responsible for creating a redirect loop. This then creates a new user session for each redirect that could be used to create a DoS. |
Show » |
| There are no comments yet on this issue.
|
|
LoginServlet.java creates a redirect loop when cookies are disabled. Possible DoS waekness.