W3C CSS Validator - Proxying Attack from Philippe Le Hegaret on 2002-09-18 (www-validator-css@w3.org from September 2002)

From: Philippe Le Hegaret <plh@w3.org>
Date: 18 Sep 2002 16:12:13 -0400
To: www-validator-css@w3.org
Message-Id: <1032379934.2910.190.camel@jfouffa>

http://www.securiteam.com/securitynews/5GP0E1P8AK.html

Fixed:
http://dev.w3.org/cvsweb/2002/css-validator/org/w3c/css/util/HTTPURL.java
[[
	    int port = url.getPort();
	    String protocol = url.getProtocol();
	    String file = url.getFile();

	    if (((port < 1024) && (port != 80) && (port > 0))
		|| (!"http".equalsIgnoreCase(protocol))
		|| ((file != null) && (file.indexOf('\n') != -1))) {		
		System.err.println( "[WARNING] : someone is trying to get the file: "
				    + url );
		throw new FileNotFoundException("import " + url +
						": Operation not permitted");
	    }
]]

Server restarted so if the french network works, you should be able to
validate your CSS documents again.

Philippe

Received on Wednesday, 18 September 2002 16:12:14 UTC