b8eb8b3581
The patch fixes the HTTP verb tampering issue. The idea is to disable unnecessary HTTP methods for Horizon.

You can find a link to the description [0] and a link to the White Paper [1] below:

CAPEC-274: HTTP Verb Tampering
[0] https://capec.mitre.org/data/definitions/274.html

Bypassing Web Authentication and Authorization with HTTP Verb Tampering (Bypassing_VBAAC_with_HTTP_Verb_Tampering.pdf)
[1] https://dl.packetstormsecurity.net/papers/web/Bypassing_VBAAC_with_HTTP_Verb_Tampering.pdf

Change-Id: I98169973410bc1dce779ac1e870256b9a45d2cc8
_db-sync.sh.tpl
_django.wsgi.tpl
_horizon.sh.tpl
_manage.py.tpl