[asterisk-bugs] [Asterisk 0016139]: CVE-2008-7220: static-http/prototype.js is vulnerable to "cross-site ajax requests"

Asterisk Bug Tracker noreply at bugs.digium.com
Wed Nov 4 13:41:59 CST 2009 

The following issue has been UPDATED. 
====================================================================== 
https://issues.asterisk.org/view.php?id=16139 
====================================================================== 
Reported By:                jcollie
Assigned To:                file
====================================================================== 
Project:                    Asterisk
Issue ID:                   16139
Category:                   Core/HTTP
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     closed
Asterisk Version:           SVN 
JIRA:                       SWP-254 
Regression:                 No 
Reviewboard Link:            
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Request Review:              
Resolution:                 fixed
Fixed in Version:           
====================================================================== 
Date Submitted:             2009-10-27 12:15 CDT
Last Modified:              2009-11-04 13:41 CST
====================================================================== 
Summary:                    CVE-2008-7220: static-http/prototype.js is
vulnerable to "cross-site ajax requests"
Description: 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7220
https://bugzilla.redhat.com/show_bug.cgi?id=523277

====================================================================== 

---------------------------------------------------------------------- 
 (0113134) file (administrator) - 2009-11-04 13:41
 https://issues.asterisk.org/view.php?id=16139#c113134 
---------------------------------------------------------------------- 
Fixed in 1.4 as of revision 227735, trunk as of revision 227739, 1.6.0 as
of revision 227743, 1.6.1 as of revision 227745, and 1.6.2 as of revision
227748. I just grabbed the latest 1.5 and made sure it worked with
ajaxdemo.html. Worked fine. 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2009-11-04 13:41 file           Note Added: 0113134                          
2009-11-04 13:41 file           Status                   assigned => resolved
2009-11-04 13:41 file           Resolution               open => fixed       
2009-11-04 13:41 file           Status                   resolved => closed  
======================================================================

More information about the asterisk-bugs mailing list