URGENT: Tomcat 7 Aliases

[Victor Rodriguez]

THANKS IN ADVANCE FOR YOUR HELP!

I have abc.war and I want both /abc and /xyz to work for it.  I've tried
adding aliases="/abc=abc.war,/xyz=abc.war" and aliases="/abc=abc,/xyz=abc"
but neither of those worked.  This is how my original context.xml looked
like.




WEB-INF/web.xml
   







-- 
Sent from neither my iPhone nor my iPad.

Malicious Headers

[Victor Rodriguez]

We are using Fortify, which is a static code analysis tool to find
vulnerabilities in your code and it's saying that code might be susceptible
to malicious header injection, such as CRLF.  However, it also says that
"Many of today's modern application servers will prevent the injection of
malicious characters into HTTP headers. For example, recent versions of
Apache Tomcat will throw an IllegalArgumentException if you attempt to set
a header with prohibited characters. If your application server prevents
setting headers with new line characters, then your application is not
vulnerable to HTTP Response Splitting."

Does tomcat prevent the injection of malicious characters into HTTP
headers?  We are currently using Apache Tomcat/7.0.53.  Thanks!

-- 
Sent from neither my iPhone nor my iPad.