  1. Sling
  2. SLING-1344

Possible response split in SlingSafeMethodsServlet


Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Not A Problem
    • API 2.0.8
    • API 2.1.0
    • API
    • None

    Description

      Headers in the doTrace method are echoed to the response, making it potentially possible to split a response.
      Would suggest encoding the headers, both name part and value part, correctly.

      IIRC the value part should be URIEncoded?

      But for the name part, eliminate values outside 33 - 126 as per RFC 822?
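
An added example, not Sling's code and not part of the original report: one way to apply the encoding suggested above before request headers are echoed. The class and method names are hypothetical, percent-encoding is used as one reading of "URIEncoded", the `name: value` line layout is an assumption, and the `:` exclusion for names comes from the RFC 822 field-name rule.

```java
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;

public class TraceHeaderEcho {

    // Header name: only characters 33..126, and no ':' (RFC 822 field-name rule).
    static boolean isValidName(String name) {
        if (name.isEmpty()) return false;
        for (int i = 0; i < name.length(); i++) {
            char c = name.charAt(i);
            if (c < 33 || c > 126 || c == ':') return false;
        }
        return true;
    }

    // Header value: percent-encode '%' and every byte outside printable ASCII,
    // so CR and LF come out as %0D and %0A and cannot start a new line.
    static String encodeValue(String value) {
        StringBuilder out = new StringBuilder();
        for (byte b : value.getBytes(StandardCharsets.UTF_8)) {
            int v = b & 0xFF;
            if (v < 0x20 || v > 0x7E || v == '%') {
                out.append(String.format("%%%02X", v));
            } else {
                out.append((char) v);
            }
        }
        return out.toString();
    }

    // Build the echoed header lines; headers with an invalid name are dropped.
    static String echo(Map<String, String> headers) {
        StringBuilder body = new StringBuilder();
        for (Map.Entry<String, String> h : headers.entrySet()) {
            if (!isValidName(h.getKey())) continue;
            body.append(h.getKey()).append(": ")
                .append(encodeValue(h.getValue())).append("\r\n");
        }
        return body.toString();
    }

    public static void main(String[] args) {
        Map<String, String> headers = new LinkedHashMap<>(); // constructed sample input
        headers.put("Host", "example.org");
        headers.put("X-Test", "a\r\nSet-Cookie: injected=1");
        headers.put("Bad\r\nName", "x");
        System.out.print(echo(headers));
    }
}
```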

          People

            ianeboston Ian Boston