RE: CRLF Stripped in Tomcat Response Header

2011-09-04 Thread Nadav Katz
September 04, 2011 3:10 PM To: Tomcat Users List Subject: Re: CRLF Stripped in Tomcat Response Header On 04/09/2011 12:16, Nadav Katz wrote: > Sorry Mark, I just noticed your input regarding the filter. I am > really only worried about attackers tampering with request headers. > The re

Re: CRLF Stripped in Tomcat Response Header

2011-09-04 Thread Mark Thomas
tor). Again, > any input you might have would be welcome. Thanks Again, Nadav I don't think the attack you are describing can possibly succeed. Mark > > -Original Message- From: Mark Thomas > [mailto:ma...@apache.org] Sent: Sunday, September 04, 2011 12:58 PM > To: Tomc

RE: CRLF Stripped in Tomcat Response Header

2011-09-04 Thread Nadav Katz
manipulated with attack code (using an interceptor). Again, any input you might have would be welcome. Thanks Again, Nadav -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Sunday, September 04, 2011 12:58 PM To: Tomcat Users List Subject: Re: CRLF Stripped in Tomcat

RE: CRLF Stripped in Tomcat Response Header

2011-09-04 Thread Nadav Katz
, September 04, 2011 12:58 PM To: Tomcat Users List Subject: Re: CRLF Stripped in Tomcat Response Header On 04/09/2011 05:54, Nadav Katz wrote: > Hi All! > > First, let me assure everyone that I am not a hacker, exactly the > opposite, but I have a related problem. I am in the process of >

Re: CRLF Stripped in Tomcat Response Header

2011-09-04 Thread Mark Thomas
On 04/09/2011 05:54, Nadav Katz wrote: > Hi All! > > First, let me assure everyone that I am not a hacker, exactly the > opposite, but I have a related problem. I am in the process of > implementing code that protects against header manipulation. I > created a filter that strips line feed and carr

CRLF Stripped in Tomcat Response Header

2011-09-03 Thread Nadav Katz
Hi All! First, let me assure everyone that I am not a hacker, exactly the opposite, but I have a related problem. I am in the process of implementing code that protects against header manipulation. I created a filter that strips line feed and carriage return characters from requests to avoid he