https://bz.apache.org/bugzilla/show_bug.cgi?id=59627
--- Comment #2 from Mark Thomas <ma...@apache.org> --- There is another reason this issue is invalid. It can only happen with a malicious client. A normal client will never connect to a server while sending a host header for something that it can't resolve to an IP address. It takes a malicious client to do that. If an attacker has managed to install a malicious client on a vicim's PC it is game over before the first byte is sent to the server. If the attacker has installed this on their own machine then they are free to attack themselves - and we don't care about that. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
