Friday, February 2, 2024

Reader Comment – Rockwell Advisory Page Again

Well, my anonymous reader is back with additional comments about the new Rockwell advisory page. He sees the new advisories now but there appears to be a problem with the URL for the website. So I played with it some, and there is definitely something odd here:

Let’s start with the URL that I have been using for the site:

https://www.rockwellautomation.com/en-us/company/about-us/sustainability/trust-security/security-advisories.html?sort=pubAsc

I tried this again this morning, and yep, the three newest advisories are at the top of the page.

But the ‘?sort=pubAsc’ portion of the URL really should not make much difference, so I tried it without those characters:

https://www.rockwellautomation.com/en-us/company/about-us/sustainability/trust-security/security-advisories.html

When you enter that URL into a new window, the site automatically adds the characters back in. But the three newest advisories are not listed on the page. If you then reload the page, voila, the three newest advisories are there. I have played with a couple of other changes to the post-‘?’ portion of the URL, and some odd things happen to the URL after it finishes loading, but the three new advisories remain on the page. I suspect that there is something wrong with how the site handles these URLs, but it will take a better hacker than I (or at least one with more time) to figure out if this ‘problem’ is actually a vulnerability.
