struts-user mailing list archives

From Lukasz Lenart <lukaszlen...@apache.org>
Subject [SECURITY][ADVICE] File download issue
Date Fri, 07 Nov 2014 08:24:31 GMT
Hello,

Please read the following links [1][2], as your public sites can be
used to attack users' computers. The simplest solution is to be sure
that all your download links define the header "Content-disposition:
attachment; filename=myfile.ext". You will find more details at the
end of the PDF.

[1] http://blog.spiderlabs.com/2014/10/reflected-file-download-the-white-paper.html
[2] https://www.blackhat.com/docs/eu-14/materials/eu-14-Hafif-Reflected-File-Download-A-New-Web-Attack-Vector.pdf


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
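
The advice above applied to a Struts 2 `stream` result, as an added example that is not part of the original message. The package, action names, the class `example.DownloadAction` and the file name are hypothetical; `contentDisposition` is the stream result's own parameter and defaults to `inline` when it is omitted.

```xml
<!-- struts.xml fragment: added example, all names are hypothetical -->
<package name="downloads" namespace="/files" extends="struts-default">

    <!-- Weak: no contentDisposition param, so the stream result falls back
         to its default "inline" and sends no filename. If the response ends
         up being saved, the browser derives the file name from the request
         URL instead of from the server. -->
    <action name="report-inline" class="example.DownloadAction">
        <result name="success" type="stream">
            <param name="contentType">application/pdf</param>
            <!-- inputName is the action property (getFileStream()) that
                 returns the InputStream to send -->
            <param name="inputName">fileStream</param>
        </result>
    </action>

    <!-- Corrected: the response is always offered as a download, and the
         saved name is the fixed, server-chosen "report.pdf". -->
    <action name="report" class="example.DownloadAction">
        <result name="success" type="stream">
            <param name="contentType">application/pdf</param>
            <param name="inputName">fileStream</param>
            <param name="contentDisposition">attachment;filename="report.pdf"</param>
        </result>
    </action>

</package>
```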
