Module: check_mk
Branch: master
Commit: 31611e42584dd0836ddab2ed80e72bb9aa561443
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=31611e42584dd0…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Fri Jul 4 15:27:14 2014 +0200
SEC index start URL can not be used to redirect to absolute URLs anymore
An attacker could make a user open up an URL to a compromised website which the
does not want to open index.py?start_url=http://(url to compromised URL).
---
.werks/1052 | 10 ++++++++++
ChangeLog | 1 +
web/htdocs/main.py | 5 +++++
3 files changed, 16 insertions(+)
diff --git a/.werks/1052 b/.werks/1052
new file mode 100644
index 0000000..448b622
--- /dev/null
+++ b/.werks/1052
@@ -0,0 +1,10 @@
+Title: index start URL can not be used to redirect to absolute URLs anymore
+Level: 1
+Component: multisite
+Class: security
+State: unknown
+Version: 1.2.5i5
+Date: 1404480323
+
+An attacker could make a user open up an URL to a compromised website which the
+does not want to open index.py?start_url=http://(url to compromised URL).
diff --git a/ChangeLog b/ChangeLog
index 48cb0d8..f10cf0d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -35,6 +35,7 @@
* 1013 Sort host names naturally, e.g. foobar11 comes after foobar2...
* 1033 New Mutisite filter for the number of services a host has...
* 0949 quicksearch: now able to search for multiple hosts at once...
+ * 1052 SEC: index start URL can not be used to redirect to absolute URLs anymore...
* 0945 FIX: Sidebar snapin "Problem hosts": Now excludes hosts and services in downtime
* 1036 FIX: doc/treasures/downtime: fix --url option, better error output
diff --git a/web/htdocs/main.py b/web/htdocs/main.py
index c0e4815..338ad16 100644
--- a/web/htdocs/main.py
+++ b/web/htdocs/main.py
@@ -28,6 +28,11 @@ import defaults, config
def page_index():
start_url = html.var("start_url", config.start_url)
+ # Prevent redirecting to absolute URL which could be used to redirect
+ # users to compromised pages
+ if '://' in start_url:
+ start_url = config.start_url
+
# Do not cache the index page -> caching problems when page is accessed
# while not logged in
#html.req.headers_out.add("Cache-Control", "max-age=7200, public");
Module: check_mk
Branch: master
Commit: eca370afbf09341553ef1106e60c5a15eb48416b
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=eca370afbf0934…
Author: Goetz Golla <gg(a)mathias-kettner.de>
Date: Fri Jul 4 14:52:57 2014 +0200
ChangeLog
---
ChangeLog | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 0b06b4f..cafddd8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -59,7 +59,7 @@
* 0988 FIX: livedump: Fix exception in case no contact groups are defined for a service
HW/SW-Inventory:
- * 0625 inventory now read the kernel version and architecture for linux and windows
+ * 0625 hw/sw inventory now reads the kernel version and architecture for linux and windows
* 0167 FIX: mk_inventory.linux: Changed field separator from pipe to tab...
* 1005 FIX: Fix exception when using pretty-print output format
* 0946 FIX: hw/sw inventory: fixed display bug for byte fields with the value 0...
Module: check_mk
Branch: master
Commit: 83bf1bcf0b242122ec9251b636853db4cdb19948
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=83bf1bcf0b2421…
Author: Goetz Golla <gg(a)mathias-kettner.de>
Date: Fri Jul 4 14:49:57 2014 +0200
werk subject corrected
---
.werks/625 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.werks/625 b/.werks/625
index 3e70ba1..429c3b1 100644
--- a/.werks/625
+++ b/.werks/625
@@ -1,4 +1,4 @@
-Title: inventory now read the kernel version and architecture for linux and windows
+Title: hw/sw inventory now reads the kernel version and architecture for linux and windows
Level: 1
Component: inv
Version: 1.2.5i5