| Summary: | ASTERISK-15043: CVE-2008-7220: static-http/prototype.js is vulnerable to "cross-site ajax requests" | ||
| Reporter: | Jeffrey C. Ollie (jcollie) | Labels: | |
| Date Opened: | 2009-10-27 12:15:24 | Date Closed: | 2009-11-04 13:41:59.000-0600 |
| Priority: | Major | Regression? | No |
| Status: | Closed/Complete | Components: | Core/HTTP |
| Versions: | Frequency of Occurrence | ||
| Related Issues: | |||
| Environment: | Attachments: | ||
| Description: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7220 https://bugzilla.redhat.com/show_bug.cgi?id=523277 | ||
| Comments: | By: Jeffrey C. Ollie (jcollie) 2009-11-02 15:02:36.000-0600 Can I just replace static-http/prototype.js with the latest from upstream? I haven't used the HTTP stuff much so I don't know what I would be breaking. By: Joshua C. Colp (jcolp) 2009-11-04 13:41:59.000-0600 Fixed in 1.4 as of revision 227735, trunk as of revision 227739, 1.6.0 as of revision 227743, 1.6.1 as of revision 227745, and 1.6.2 as of revision 227748. I just grabbed the latest 1.5 and made sure it worked with ajaxdemo.html. Worked fine. | ||