DO NOT REPLY [Bug 48157] describe how to disable X-Header trick to attack client cert auth

bugzilla Sat, 07 Nov 2009 09:10:10 -0800

https://issues.apache.org/bugzilla/show_bug.cgi?id=48157


Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX

--- Comment #2 from Mark Thomas <ma...@apache.org> 2009-11-07 09:09:42 GMT ---
Chances are any attempt to filter these out could be defeated and there is
always a risk of a false positive. In addition, there may be other, more
complex, attack vectors that would not be blocked.

I just kicked off a discussion on the dev list. Feel free to join in there.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

DO NOT REPLY [Bug 48157] describe how to disable X-Header trick to attack client cert auth

Reply via email to