[VIM] CVE-2013-1571 Javadoc
Art Manion
amanion at cert.org
Thu Jun 27 16:50:15 CDT 2013
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1571
"Oracle has not commented on claims from another vendor that this issue
is related to frame injection in HTML that is generated by Javadoc."
http://www.kb.cert.org/vuls/id/225657
We're pretty confident that the problem is frame injection in HTML
generated by Javadoc. Previous JavaScript included a check for ":" that
broke obvious XSS attacks (possibly CVE-2007-3503), but it allowed
?//www.example.com (scheme-relative URI or network-path reference).
- Art
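
Added example, not part of the original message and not the script Javadoc generates: a colon-only check of the kind described above, next to a stricter check that resolves the frame target and requires it to stay on the page's own origin. The function names and the page URL https://docs.example.org/api/index.html are constructed for illustration.

```javascript
// Constructed page URL standing in for a hosted Javadoc index page.
const PAGE_URL = "https://docs.example.org/api/index.html";

// Colon-only check as described in the message: any target without ":"
// is accepted. A network-path reference ("//host") contains no colon.
function colonCheckAllows(query) {
  const target = query.replace(/^\?/, "");
  return target !== "" && target.indexOf(":") === -1;
}

// Stricter check: resolve the target the way a browser would and accept
// it only if the result is still on the page's origin. Returns the
// resolved URL string, or null when the target must not be loaded.
function sameOriginTarget(query, pageUrl) {
  const target = query.replace(/^\?/, "");
  if (target === "") return null;
  // Browsers treat "\" like "/" in http(s) URLs and strip control
  // characters, so reject both instead of guessing at normalization.
  if (/[\\\u0000-\u001f]/.test(target)) return null;
  let resolved;
  try {
    resolved = new URL(target, pageUrl);
  } catch (e) {
    return null;
  }
  return resolved.origin === new URL(pageUrl).origin ? resolved.href : null;
}

// Run both checks over constructed sample query strings.
function compareChecks(queries, pageUrl) {
  return queries.map((q) => ({
    query: q,
    colonCheck: colonCheckAllows(q),
    strictTarget: sameOriginTarget(q, pageUrl),
  }));
}

const SAMPLES = [
  "?java/lang/String.html",   // ordinary relative frame target
  "?//www.example.com",       // network-path reference from the message
  "?http://www.example.com/", // absolute URL, stopped by the colon check
];

console.table(compareChecks(SAMPLES, PAGE_URL));
```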