[Framework-Team] HTTP parameter polution

Andreas Jung lists at zopyx.com
Wed May 20 04:26:07 UTC 2009


On 20.05.09 06:23, Steve McMahon wrote:
> The paper mentions Plone, but all they found is that Plone rejects the
> bad input but "Since this error generates
> ~100 lines in the log file, it may be used to obfuscate other
> attacks." I found no serious vulnerability claim.

Thanks Steve for cross-checking...another security marketing argument
for promoting Zope & Plone.

Andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lists.vcf
Type: text/x-vcard
Size: 316 bytes
Desc: not available
URL: <http://lists.plone.org/pipermail/plone-framework-team/attachments/20090520/4c6c2e38/attachment.vcf>


More information about the Framework-Team mailing list