Thank you very much, Mark and Filip.
- Jim
Jim Manico wrote:
I'm continuing to do a security review of Tomcat 5.5 for my company.
I noticed that linefeeds get ripped out of header values which stops
header injection attacks cold. Whoever did this, I commend you. Many
other containers do not.
Jim Manico wrote:
I'm continuing to do a security review of Tomcat 5.5 for my company. I
noticed that linefeeds get ripped out of header values which stops
header injection attacks cold. Whoever did this, I commend you. Many
other containers do not. You Rock.
InternalInputBuffer.java
InternalA
Jim Manico wrote:
I'm continuing to do a security review of Tomcat 5.5 for my company. I
noticed that linefeeds get ripped out of header values which stops
header injection attacks cold. Whoever did this, I commend you. Many
other containers do not. You Rock.
Can anyone point me to the code t
I'm continuing to do a security review of Tomcat 5.5 for my company. I
noticed that linefeeds get ripped out of header values which stops
header injection attacks cold. Whoever did this, I commend you. Many
other containers do not. You Rock.
Can anyone point me to the code that does this?
Bes
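
The effect described in this thread, shown as an added example that is not part of the original messages and is not Tomcat's code: when CR and LF are taken out of a header value before it is written, an untrusted value cannot end its own header line and start another. The class and method names are hypothetical, the input is constructed, and replacing the characters with a space (rather than deleting them) is an assumption.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration; not Tomcat code. All names here are hypothetical.
public class HeaderLinefeedDemo {

    // Replace CR and LF with a space so the value stays on one header line.
    static String stripLinefeeds(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            sb.append((c == '\r' || c == '\n') ? ' ' : c);
        }
        return sb.toString();
    }

    // Write headers as they appear on the wire: "Name: value" followed by CRLF.
    static String serialize(Map<String, String> headers, boolean sanitize) {
        StringBuilder out = new StringBuilder();
        for (Map.Entry<String, String> e : headers.entrySet()) {
            String v = sanitize ? stripLinefeeds(e.getValue()) : e.getValue();
            out.append(e.getKey()).append(": ").append(v).append("\r\n");
        }
        return out.toString();
    }

    // Count header lines the way a receiving parser would split them.
    static int countHeaderLines(String wire) {
        int n = 0;
        for (String line : wire.split("\r\n")) {
            if (!line.isEmpty()) n++;
        }
        return n;
    }

    public static void main(String[] args) {
        // Constructed sample: an untrusted value that carries a CRLF pair.
        String untrusted = "en\r\nX-Constructed-Extra: 1";
        Map<String, String> headers = new LinkedHashMap<>();
        headers.put("Content-Language", untrusted);
        headers.put("Cache-Control", "no-store");

        int raw = countHeaderLines(serialize(headers, false));
        int clean = countHeaderLines(serialize(headers, true));
        System.out.println("headers set: " + headers.size());
        System.out.println("lines on the wire, unsanitized: " + raw);
        System.out.println("lines on the wire, sanitized:   " + clean);
        // With sanitizing on, the wire must carry exactly one line per header set.
        if (clean != headers.size()) throw new AssertionError("header count mismatch");
    }
}
```

When reviewing a container, the same comparison (headers set by the application versus header lines actually emitted) is a quick check for whether header values are filtered before output.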