[Framework-Team] HTTP parameter pollution

Steve McMahon steve at dcn.org
Wed May 20 04:23:17 UTC 2009


The paper mentions Plone, but all they found is that Plone rejects the
bad input but "Since this error generates ~100 lines in the log file,
it may be used to obfuscate other attacks." I found no serious
vulnerability claim.

On Tue, May 19, 2009 at 8:59 PM, Jon Stahl <jon at onenw.org> wrote:
> Andreas Jung wrote:
>>
>> Hi there,
>>
>> just read this article (in German) about a new attack pattern called
>> HTTP parameter pollution and they mention Plone:
>>
>>
>> http://www.linux-community.de/Internal/Nachrichten/Webanwendungen-mit-HTTP-Parameter-Pollution-angreifen
>>
>> Anyone heard of this?
>>
>>
>>
>
> http://seclists.org/bugtraq/2009/May/0165.html seems to be a good starting
> point.
>
> :jon



-- 

Steve McMahon
Reid-McMahon, LLC
steve at reidmcmahon.com
steve at dcn.org



