#2315 Error message while testing Cross-Site scripting nonce parameter.
Closed: migrated 3 years ago by dmoluguw. Opened 7 years ago by akahat@redhat.com.

After executing the following URL, I got an unrecoverable error message.

Steps to Reproduce:

1. Authenticate with a CA agent certificate.
2. The following URL is being used to test the Cross-Site Scripting nonce
parameter.
3. In the browser, paste the following URL with your CA's host and agent port.

https://hostname:<secure-port>/ca/agent/ca/profileProcess?requestId=%20%2b%20re
questId%20%2b%20&' + recordSet[i].defListSet[j].defId +
'='%20%2b%20escapeValue(recordSet%5bi%5d.defListSet%5bj%5d.defVal)%20%2b%
20'&' + recordSet[i].defListSet[j].defId + '='%20%2b%20recordSet%5bi%
5d.defListSet%5bj%5d.defVal%20%2b%20'&' + recordSet[i].defListSet[j].defId +
'='%20%2b%20recordSet%5bi%5d.defListSet%5bj%5d.defVal%20%2b%20'&' +
recordSet[i].defListSet[j].defId + '='%20%2b%20recordSet%5bi%5d.defListSet%
5bj%5d.defVal%20%2b%20'&' + recordSet[i].defListSet[j].defId + '=%20%2b%20c%
5bk%5d%20%2b%20&' + recordSet[i].defListSet[j].defId +
'=false&requestNotes='%20%2b%20requestNotes%20%2b%20'&op=unassign&nonce=
%5c%22%22%3c%73%43%72%49%70%54%3e%61%6c%65%72%74%28%35%31%32%31%33%29%3c%2f%
73%43%72%49%70%54%3e&submit=submit

Actual results:

The Certificate System has encountered an unrecoverable error.

Error Message:

java.lang.NumberFormatException: Illegal embedded sign character

Please contact your local administrator for assistance.

Expected Results:

Request Information
===============================================
| Error Code:       | 1                       |
===============================================
| Error Reason:     | Operation Not Found     |
===============================================

Per Bug Triage of 05/03/2016: 10.4

NOTE: Discussed and confirmed with aakkiang over IRC.
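
Added example (not part of the original report and not Dogtag PKI code): the exception text quoted above is the message that java.math.BigInteger's string constructor throws when a sign character is not in the first position. The sketch contrasts unguarded parsing of a numeric request parameter with a strict check that returns a controlled error. The class, method names and error text are hypothetical, and the inputs are constructed from the URL-decoded values in the report.

```java
import java.math.BigInteger;
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration; class, methods and error text are hypothetical,
// not Dogtag PKI code.
public class NumericParamCheck {

    // Accept only 1-20 ASCII digits: no sign, whitespace or markup.
    static BigInteger parseStrict(String name, String raw) {
        if (raw == null || !raw.matches("[0-9]{1,20}")) {
            // Only the fixed parameter name is reported, never the raw value.
            throw new IllegalArgumentException("invalid value for parameter " + name);
        }
        return new BigInteger(raw);
    }

    // Returns the text shown to the client; no exception text leaks out.
    static String handle(Map<String, String> params) {
        try {
            BigInteger requestId = parseStrict("requestId", params.get("requestId"));
            BigInteger nonce = parseStrict("nonce", params.get("nonce"));
            return "OK requestId=" + requestId + " nonce=" + nonce;
        } catch (IllegalArgumentException e) {
            return "Error: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: URL-decoded shapes of the values in the report.
        Map<String, String> bad = new LinkedHashMap<>();
        bad.put("requestId", " + requestId + ");
        bad.put("nonce", "\\\"\"<sCrIpT>alert(51213)</sCrIpT>");

        // Unguarded parsing: the raw exception message reaches the caller.
        try {
            new BigInteger(bad.get("requestId"));
        } catch (NumberFormatException e) {
            System.out.println("unguarded: " + e.getMessage());
        }

        System.out.println("guarded:   " + handle(bad));

        // Constructed well-formed request for comparison.
        Map<String, String> good = new LinkedHashMap<>();
        good.put("requestId", "42");
        good.put("nonce", "1234567890");
        System.out.println("guarded:   " + handle(good));
    }
}
```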

Metadata Update from @akahat@redhat.com:
- Issue set to the milestone: UNTRIAGED

7 years ago

Metadata Update from @mharmsen:
- Custom field feature adjusted to None
- Custom field proposedmilestone adjusted to None
- Custom field proposedpriority adjusted to None
- Custom field reviewer adjusted to None
- Custom field version adjusted to None
- Issue close_status updated to: None
- Issue set to the milestone: FUTURE (was: UNTRIAGED)

6 years ago

Metadata Update from @mharmsen:
- Issue priority set to: minor (was: major)
- Issue set to the milestone: 10.6 (was: FUTURE)

6 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/2435

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on the Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Metadata Update from @dmoluguw:
- Issue close_status updated to: migrated
- Issue status updated to: Closed (was: Open)

3 years ago
