swat: Use X-Frame-Options header to avoid clickjacking
commit 4eb9c2d365e9238566f1155e1db440b7c92da4bb
author Kai Blin <kai@samba.org>
Fri, 18 Jan 2013 22:11:07 +0000 (18 23:11 +0100)
committer Karolin Seeger <kseeger@samba.org>
Wed, 30 Jan 2013 10:38:53 +0000 (30 11:38 +0100)
tree 3c26fa3d999743f822580dac15c037803096ee30
parent 02396c30db14db3c5177431e48d81202467b9e60
swat: Use X-Frame-Options header to avoid clickjacking

Jann Horn reported a potential clickjacking vulnerability in SWAT where
the SWAT page could be embedded into an attacker's page using a frame or
iframe and then used to trick the user into changing Samba settings.

Avoid this by telling the browser to refuse the frame embedding via the
X-Frame-Options: DENY header.

Signed-off-by: Kai Blin <kai@samba.org>
Fix bug #9576 - CVE-2013-0213: Clickjacking issue in SWAT.
(cherry picked from commit 71225948a249f079120282740fcc39fd6faa880e)
source3/web/swat.c
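The mitigation the commit message describes, as an added example (this is not the Samba patch and not SWAT's code): a CGI-style responder that emits `X-Frame-Options: DENY` ahead of the HTML body, plus a checker that parses a raw response header block and reports whether cross-origin framing is refused, the kind of check you would run against a live SWAT after upgrading to confirm the header actually reaches the client. The function names, the header layout and the sample responses are all constructed for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive comparison of the first n bytes of a and b.
 * Callers guarantee both point at least n readable bytes. */
static int ci_eq(const char *a, const char *b, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++) {
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    }
    return 1;
}

/* Build the CGI response headers for an HTML page (constructed layout).
 * With deny_framing set the browser is told never to render this page
 * inside a frame/iframe, which is the mitigation the commit applies to
 * SWAT. Returns bytes written (excluding the NUL) or -1 if buf is small. */
int build_cgi_headers(char *buf, size_t buflen, int deny_framing)
{
    int n = snprintf(buf, buflen,
                     "Content-Type: text/html; charset=utf-8\r\n"
                     "%s"
                     "\r\n",
                     deny_framing ? "X-Frame-Options: DENY\r\n" : "");
    if (n < 0 || (size_t)n >= buflen)
        return -1;
    return n;
}

/* Does the header line starting at `line` carry the header `name`?
 * Matches case-insensitively and requires the ':' that ends the name. */
static int header_name_is(const char *line, const char *name)
{
    size_t len = strlen(name);
    size_t i;
    for (i = 0; i < len; i++) {
        if (line[i] == '\0' ||
            tolower((unsigned char)line[i]) != tolower((unsigned char)name[i]))
            return 0;
    }
    return line[len] == ':';
}

/* Scan a raw response header block (status line optional, CRLF line ends,
 * terminated by an empty line) and return 1 if X-Frame-Options is DENY or
 * SAMEORIGIN, i.e. cross-origin framing is refused, else 0. Only the first
 * X-Frame-Options header counts; anything after the blank line is body. */
int frame_embedding_refused(const char *response)
{
    const char *p = response;
    while (*p != '\0') {
        const char *eol = strstr(p, "\r\n");
        size_t linelen = eol ? (size_t)(eol - p) : strlen(p);
        if (linelen == 0)
            break;                  /* empty line: end of headers */
        if (header_name_is(p, "X-Frame-Options")) {
            const char *v = p + strlen("X-Frame-Options") + 1;
            size_t vlen;
            while (*v == ' ' || *v == '\t')
                v++;                /* stops at '\r' or '\0' */
            vlen = linelen - (size_t)(v - p);
            while (vlen > 0 && (v[vlen - 1] == ' ' || v[vlen - 1] == '\t'))
                vlen--;
            if (vlen == 4 && ci_eq(v, "DENY", 4))
                return 1;
            if (vlen == 10 && ci_eq(v, "SAMEORIGIN", 10))
                return 1;
            return 0;               /* e.g. ALLOW-FROM or an unknown value */
        }
        if (eol == NULL)
            break;
        p = eol + 2;
    }
    return 0;                       /* header absent: page can be framed */
}

/* Build headers with or without the mitigation and report whether the
 * checker accepts them. Returns -1 if the headers did not fit. */
int check_generated_headers(int deny_framing)
{
    char buf[256];
    if (build_cgi_headers(buf, sizeof buf, deny_framing) < 0)
        return -1;
    return frame_embedding_refused(buf);
}

int main(void)
{
    char buf[256];
    if (build_cgi_headers(buf, sizeof buf, 1) > 0)
        fputs(buf, stdout);         /* what a hardened CGI would send */
    printf("framing refused: %d\n", frame_embedding_refused(buf));
    return 0;
}
```

The header is enforced by the browser, not the server, so it has to be present on every page that carries a state-changing form, and a checker like `frame_embedding_refused` is worth running against the deployed service rather than the source, since a reverse proxy in front of the CGI can strip or rewrite headers before they reach the client.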