|Summary:||ASTERISK-15043: CVE-2008-7220: static-http/prototype.js is vulnerable to "cross-site ajax requests"|
|Reporter:||Jeffrey C. Ollie (jcollie)||Labels:|
|Date Opened:||2009-10-27 12:15:24||Date Closed:||2009-11-04 13:41:59.000-0600|
|Comments:||By: Jeffrey C. Ollie (jcollie) 2009-11-02 15:02:36.000-0600|
Can I just replace static-http/prototype.js with the latest from upstream? I haven't used the HTTP stuff much so I don't know what I would be breaking.
By: Joshua C. Colp (jcolp) 2009-11-04 13:41:59.000-0600
Fixed in 1.4 as of revision 227735, trunk as of revision 227739, 1.6.0 as of revision 227743, 1.6.1 as of revision 227745, and 1.6.2 as of revision 227748. I just grabbed the latest 1.5 and made sure it worked with ajaxdemo.html. Worked fine.