[bugs] [Bug 1161] Changed - Security hole related to HTTP_REFERER
bugs at bugs.horde.org
bugs at bugs.horde.org
Wed Jan 29 16:33:22 PST 2003
http://bugs.horde.org/show_bug.cgi?id=1161
*** shadow/1161 Wed Jan 29 16:04:56 2003
--- shadow/1161.tmp.17905 Wed Jan 29 16:33:22 2003
***************
*** 3,10 ****
Version: 2.1 Unstable
Platform: Mozilla 5.x
OS/Version: other
! Status: NEW
! Resolution:
Severity: major
Priority: P2
Component: IMP
--- 3,10 ----
Version: 2.1 Unstable
Platform: Mozilla 5.x
OS/Version: other
! Status: RESOLVED
! Resolution: WONTFIX
Severity: major
Priority: P2
Component: IMP
***************
*** 32,34 ****
--- 32,39 ----
------- Additional Comments From jroberts at forumone.com 01/29/03 16:04 -------
*** Bug 1160 has been marked as a duplicate of this bug. ***
+
+ ------- Additional Comments From chuck at horde.org 01/29/03 16:33 -------
+ This is why people should use cookie-based sessions. I don't consider this a
+ valid hole in IMP; if people use url-based sessions, this is what they open
+ themselves up to.
More information about the bugs
mailing list