MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity
MISP/app/Controller
History
iglocska afdcc1af0c Fixed a security issue with the CSRF protection being avoidable using some site admin functionality 
- as discovered and reported by Egidio Romano of Minded Security

- Lacking checks of HTTP methods in some functionality could lead to a site admin uploading and executing malicious scripts

- Tightened HTTP method verification across the board for actions that modify data
- Turned some administrative tasks to POST only actions
 		2015-11-13 23:57:03 +01:00
..
Component Improved logging, fixes #695 2015-11-08 22:35:46 +01:00
AppController.php Fixed a security issue with the CSRF protection being avoidable using some site admin functionality 2015-11-13 23:57:03 +01:00
AttributesController.php Fixed a security issue with the CSRF protection being avoidable using some site admin functionality 2015-11-13 23:57:03 +01:00
EventBlacklistsController.php
EventsController.php Fixed a security issue with the CSRF protection being avoidable using some site admin functionality 2015-11-13 23:57:03 +01:00
JobsController.php
LogsController.php Improved logging, fixes #695 2015-11-08 22:35:46 +01:00
PagesController.php Fix to an issue with the calendar and added view to help with gitbook page generation 2015-10-08 10:00:42 +02:00
PostsController.php
RegexpController.php Fixed a security issue with the CSRF protection being avoidable using some site admin functionality 2015-11-13 23:57:03 +01:00
RolesController.php
ServersController.php Fixed a security issue with the CSRF protection being avoidable using some site admin functionality 2015-11-13 23:57:03 +01:00
ShadowAttributesController.php Fixed a security issue with the CSRF protection being avoidable using some site admin functionality 2015-11-13 23:57:03 +01:00
TagsController.php Tagging added to the API 2015-10-30 16:28:51 +01:00
TasksController.php
TemplateElementsController.php
TemplatesController.php
ThreadsController.php
UsersController.php Fixed a security issue with the CSRF protection being avoidable using some site admin functionality 2015-11-13 23:57:03 +01:00
WhitelistsController.php