[asterisk-bugs] [Asterisk 0016139]: CVE-2008-7220: static-http/prototype.js is vulnerable to "cross-site ajax requests"
Asterisk Bug Tracker
noreply at bugs.digium.com
Mon Nov 2 15:02:36 CST 2009
A NOTE has been added to this issue.
======================================================================
https://issues.asterisk.org/view.php?id=16139
======================================================================
Reported By: jcollie
Assigned To: file
======================================================================
Project: Asterisk
Issue ID: 16139
Category: Core/HTTP
Reproducibility: always
Severity: major
Priority: normal
Status: assigned
Asterisk Version: SVN
JIRA: SWP-254
Regression: No
Reviewboard Link:
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!):
Request Review:
======================================================================
Date Submitted: 2009-10-27 12:15 CDT
Last Modified: 2009-11-02 15:02 CST
======================================================================
Summary: CVE-2008-7220: static-http/prototype.js is
vulnerable to "cross-site ajax requests"
Description:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7220
https://bugzilla.redhat.com/show_bug.cgi?id=523277
======================================================================
----------------------------------------------------------------------
(0113004) jcollie (manager) - 2009-11-02 15:02
https://issues.asterisk.org/view.php?id=16139#c113004
----------------------------------------------------------------------
Can I just replace static-http/prototype.js with the latest from upstream?
I haven't used the HTTP stuff much so I don't know what I would be
breaking.
Issue History
Date Modified Username Field Change
======================================================================
2009-11-02 15:02 jcollie Note Added: 0113004
======================================================================
More information about the asterisk-bugs
mailing list