[Bug 59627] request.getRequestURL() does not check if host header value is a valid hostname format

bugzilla Tue, 24 May 2016 11:02:45 -0700

https://bz.apache.org/bugzilla/show_bug.cgi?id=59627


Remy Maucherat <r...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |INVALID
             Status|NEW                         |RESOLVED

--- Comment #1 from Remy Maucherat <r...@apache.org> ---
It is up to you to do the appropriate filtering when writing back any user
data. Same for getHeader, etc etc etc, the list is virtually endless.

Please never attempt to report possible security issues through BZ, Tomcat has
a dedicated security mailing list where confidentiality can be maintained.
http://tomcat.apache.org/security.html

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59627] request.getRequestURL() does not check if host header value is a valid hostname format

Reply via email to