2014-06-06 20:46:27 |
John Dickinson |
bug |
|
|
added bug |
2014-06-06 20:46:27 |
John Dickinson |
attachment added |
|
header_quote.patch https://bugs.launchpad.net/bugs/1327414/+attachment/4126697/+files/header_quote.patch |
|
2014-06-06 20:59:02 |
Jeremy Stanley |
bug task added |
|
ossa |
|
2014-06-06 20:59:26 |
Jeremy Stanley |
ossa: status |
New |
Incomplete |
|
2014-06-06 20:59:33 |
Jeremy Stanley |
ossa: importance |
Undecided |
Critical |
|
2014-06-09 06:49:20 |
Thierry Carrez |
ossa: importance |
Critical |
Medium |
|
2014-06-09 06:49:20 |
Thierry Carrez |
ossa: status |
Incomplete |
Confirmed |
|
2014-06-09 06:49:45 |
Thierry Carrez |
nominated for series |
|
swift/icehouse |
|
2014-06-09 06:49:45 |
Thierry Carrez |
bug task added |
|
swift/icehouse |
|
2014-06-09 18:49:32 |
John Dickinson |
bug |
|
|
added subscriber Florian Hines |
2014-06-10 19:53:45 |
John Dickinson |
attachment added |
|
header_quote.patch https://bugs.launchpad.net/swift/+bug/1327414/+attachment/4129201/+files/header_quote.patch |
|
2014-06-10 19:57:56 |
John Dickinson |
attachment added |
|
header_quote.icehouse.patch https://bugs.launchpad.net/swift/+bug/1327414/+attachment/4129205/+files/header_quote.icehouse.patch |
|
2014-06-12 13:07:45 |
Thierry Carrez |
ossa: status |
Confirmed |
Triaged |
|
2014-06-16 15:33:42 |
John Dickinson |
attachment added |
|
header_quote.patch https://bugs.launchpad.net/ossa/+bug/1327414/+attachment/4132637/+files/header_quote.patch |
|
2014-06-16 15:34:25 |
John Dickinson |
attachment added |
|
header_quote.icehouse.patch https://bugs.launchpad.net/ossa/+bug/1327414/+attachment/4132638/+files/header_quote.icehouse.patch |
|
2014-06-16 16:23:05 |
John Dickinson |
bug |
|
|
added subscriber Brian Cline |
2014-06-16 16:29:12 |
Alistair Coles |
bug |
|
|
added subscriber Gerry Drudy |
2014-06-16 16:29:32 |
Alistair Coles |
bug |
|
|
added subscriber Donagh McCabe |
2014-06-17 07:48:57 |
Alistair Coles |
bug |
|
|
added subscriber Eamonn O'Toole |
2014-06-18 14:13:51 |
Tristan Cacqueray |
summary |
www-authenticate value isn't quoted |
www-authenticate value isn't quoted (CVE-2014-3497) |
|
2014-06-18 14:14:00 |
Tristan Cacqueray |
cve linked |
|
2014-3497 |
|
2014-06-18 21:45:47 |
John Dickinson |
information type |
Private Security |
Public |
|
2014-06-18 21:47:26 |
OpenStack Infra |
swift: status |
Confirmed |
In Progress |
|
2014-06-18 23:38:28 |
OpenStack Infra |
swift: status |
In Progress |
Fix Committed |
|
2014-06-19 01:40:24 |
OpenStack Infra |
swift/icehouse: status |
New |
Fix Committed |
|
2014-06-19 07:18:54 |
Thierry Carrez |
information type |
Public |
Public Security |
|
2014-06-19 07:19:00 |
Thierry Carrez |
ossa: status |
Triaged |
In Progress |
|
2014-06-19 13:09:32 |
Tristan Cacqueray |
ossa: status |
In Progress |
Fix Committed |
|
2014-06-19 13:09:42 |
Tristan Cacqueray |
summary |
www-authenticate value isn't quoted (CVE-2014-3497) |
[OSSA 2014-020] www-authenticate value isn't quoted (CVE-2014-3497) |
|
2014-06-19 14:39:59 |
Tristan Cacqueray |
ossa: assignee |
|
Tristan Cacqueray (tristan-cacqueray) |
|
2014-06-19 14:40:05 |
Tristan Cacqueray |
ossa: status |
Fix Committed |
Fix Released |
|
2014-06-21 09:01:44 |
Thierry Carrez |
swift: status |
Fix Committed |
Fix Released |
|
2014-06-21 09:05:22 |
Thierry Carrez |
swift: milestone |
|
2.0.0 |
|
2014-06-24 13:14:17 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/utopic-proposed/swift |
|
2014-06-25 22:13:42 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/trusty-security/swift |
|
2014-06-26 17:46:13 |
NMarcos |
description |
The WWW-Authenticate header value (returned on a 401 response) includes user-supplied strings to indicate the proper auth realm. However, Swift un-quotes the URL and then sets the value in the response. This means that a URL can be constructed that includes new HTML content at the hoster's own domain.
For example:
http://saio:8080/v1/AUTH_infra%0A%0A%3Cb%3EHello%20World%3Cp%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3EYou%20should%20not%20see%20this%3Cp%20style%3D%22display%3A%20hidden%22%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E
The fix is to ensure the www-authenticate value is quoted. |
The WWW-Authenticate header value (returned on a 401 response) includes user-supplied strings to indicate the proper auth realm. However, Swift un-quotes the URL and then sets the value in the response. This means that a URL can be constructed that includes new HTML content at the hoster's own domain.
For example:
http://saio:8080/v1/AUTH_infra%0A%0A%3Cb%3EHello%20World%3Cp%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3EYou%20should%20not%20see%20this%3Cp%20style%3D%22display%3A%20hidden%22%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E
The fix is to ensure the www-authenticate value is quoted. |
|
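The description above boils down to one header-construction mistake: a percent-decoded path segment (the account name) is copied verbatim into the WWW-Authenticate realm, so an encoded newline (%0A) in the URL becomes a literal CR/LF in the response header and everything after it is treated as new header or body content. The following is an added illustration written for this page, not Swift's own code or the attached header_quote.patch; the function names (account_from_path, www_authenticate_unquoted, www_authenticate_quoted, header_is_safe) and the sample path are constructed for the example. It shows the unquoted construction beside the quoted one that the report calls for, plus a check a proxy can run on any header value before emitting it.

```python
from urllib.parse import quote, unquote


def account_from_path(path):
    """Return the percent-decoded account segment of a /v1/<account>/... path.

    Hypothetical helper modelled on the behaviour the report describes: the
    path segment is decoded before use, which is what turns %0A in the URL
    into a literal newline inside the account name.
    """
    parts = path.split('/', 3)
    if len(parts) < 3 or parts[1] != 'v1':
        raise ValueError('not a /v1/<account> path')
    return unquote(parts[2])


def www_authenticate_unquoted(realm):
    """Vulnerable construction: the decoded realm is placed in the header as-is,
    so CR/LF, quotes and angle brackets from the request reach the wire."""
    return 'Swift realm="%s"' % realm


def www_authenticate_quoted(realm):
    """Hardened construction (the fix the report asks for): percent-encode the
    realm so the header value can only contain unreserved characters and
    %XX escapes, never a raw newline or quote."""
    return 'Swift realm="%s"' % quote(realm)


def header_is_safe(value):
    """Defensive check for a WWW-Authenticate value: no CR or LF (which would
    split the header) and exactly the two quotes that delimit the realm."""
    return ('\r' not in value and '\n' not in value
            and value.count('"') == 2)


# Constructed sample request path in the same shape as the report's example
# (account name carrying an encoded newline and an HTML fragment).
SAMPLE_PATH = '/v1/AUTH_infra%0A%0A%3Cb%3EHello%20World%3Cp%3E/container'


if __name__ == '__main__':
    realm = account_from_path(SAMPLE_PATH)
    for build in (www_authenticate_unquoted, www_authenticate_quoted):
        header = build(realm)
        print('%-26s safe=%-5s %r' % (build.__name__, header_is_safe(header), header))
```

Running the block prints the unquoted header with the embedded newlines (flagged unsafe) next to the quoted header, in which the same realm is reduced to AUTH_infra%0A%0A%3Cb%3EHello%20World%3Cp%3E and passes the check. The header_is_safe test is the part worth keeping as a regression guard: it fails on the vulnerable construction regardless of what payload follows the newline.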