Web services accessible without authentication
Description
Activity
Samuel Kong, July 4, 2012 at 2:28 AM
The code for this ticket was committed under , , .
Fixed
Details
Assignee
SE Support
Reporter
Samuel Kong (Deactivated)
Components
Affects versions
Priority
Medium
Created July 4, 2012 at 2:27 AM
Updated June 24, 2023 at 4:00 PM
Resolved July 4, 2012 at 2:30 AM
By carefully constructing an HTTP POST request, an attacker can execute any of the portal's web services. This vulnerability allows the attacker to circumvent both the permission system and the protection provided by the SecureFilter's portal properties:
xxx.servlet.hosts.allowed
xxx.servlet.https.required