Bugtraq mailing list archives
Re: [Full-disclosure] [WEB SECURITY] Universal XSS with PDF files: highly dangerous
From: Jim Manico <jim () manico net>
Date: Mon, 08 Jan 2007 10:32:08 -1000
this is client-side stuff.
Yes, but server-side changes can defend against this vulnerability. For my Java/J2EE apps, I took OWASP's suggestion at : http://www.owasp.org/index.php/PDF_Attack_Filter_for_Java_EE And all is well in my world. - Jim PS: And you are right of course about CSRF :) M.B.Jr. wrote:
On 1/3/07, Jim Manico <jim () manico net> wrote:I'm most worried about the CSRF vector.how come? this is client-side stuff.
-- Best Regards, Jim Manico GIAC GSEC Professional, Sun Certified Java Programmer jim () manico net 808.652.3805
Current thread:
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, (continued)
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous Amit Klein (Jan 08)
- RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous Tom Spector (Jan 09)
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous sven . vetsch (Jan 03)
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous pdp (architect) (Jan 03)
- Re: Universal XSS with PDF files: highly dangerous ascii (Jan 03)
- Re: Universal XSS with PDF files: highly dangerous Thierry Zoller (Jan 04)
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous Jean-Jacques Halans (Jan 03)
- RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous Larry Seltzer (Jan 03)
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous Jim Manico (Jan 04)
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous RSnake (Jan 04)
- Message not available
- Re: [Full-disclosure] [WEB SECURITY] Universal XSS with PDF files: highly dangerous Jim Manico (Jan 09)
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous HASEGAWA Yosuke (Jan 04)
- Re: Universal XSS with PDF files: highly dangerous The Anarcat (Jan 09)
- Re: Universal XSS with PDF files: highly dangerous Jeff Williams (Jan 08)