Jim Manico wrote:
> I'm continuing to do a security review of Tomcat 5.5 for my company. I
> noticed that linefeeds get ripped out of header values which stops
> header injection attacks cold. Whoever did this, I commend you. Many
> other containers do not. You Rock.
> Can anyone point me to the code that does this?
It is in a couple of places. It is usually the same code. Searching for the
following should find most of the cases:
replace('\n', ' ').replace('\r', ' ')
Mark
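
An added example, not part of the original thread and not Tomcat's own code: it applies the replacement quoted above to a constructed header value and counts how many header lines a client would parse with and without it. The class name, method names and sample value are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration; class and method names are hypothetical, not Tomcat's.
public class HeaderSanitizeDemo {

    // The replacement quoted in the reply: CR and LF each become a space.
    static String sanitize(String value) {
        return value.replace('\n', ' ').replace('\r', ' ');
    }

    // Serialize one header the way it goes on the wire: "Name: value\r\n".
    static String serialize(String name, String value) {
        return name + ": " + value + "\r\n";
    }

    // Parse a header block the way a client would: split on CRLF, skip empty lines.
    static List<String> parseHeaderLines(String block) {
        List<String> lines = new ArrayList<>();
        for (String line : block.split("\r\n")) {
            if (!line.isEmpty()) {
                lines.add(line);
            }
        }
        return lines;
    }

    public static void main(String[] args) {
        // Constructed sample: a request-derived value carrying an embedded CRLF.
        String untrusted = "en\r\nSet-Cookie: session=constructed";

        List<String> raw = parseHeaderLines(serialize("Content-Language", untrusted));
        List<String> clean = parseHeaderLines(serialize("Content-Language", sanitize(untrusted)));

        // Without the replacement the value is parsed as two header lines;
        // with it the whole value stays on a single line.
        System.out.println("unsanitized -> " + raw.size() + " header line(s): " + raw);
        System.out.println("sanitized   -> " + clean.size() + " header line(s): " + clean);
    }
}
```

Because CR and LF are replaced independently, a value containing a bare `\n` or a bare `\r` is flattened onto one line as well.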