Prevent HTTP Response splitting in case the server doesn't (#19611) - vaadin-framework.git - Vaadin 6, 7, 8 is a Java framework for modern Java web applications: https://github.com/vaadin/framework

diff options

author	Leif Åstrand <leif@vaadin.com>	2014-12-10 10:49:45 +0200
committer	Teemu Suo-Anttila <teemusa@vaadin.com>	2016-02-17 16:42:42 +0200
commit	cb8048312e0d3ee2b49fbef601b6268e6dbf6ab0 (patch)
tree	0c1678dbe40044ee0ccf1a845846f827a752d080 /README.md
parent	ebc12cddcab02488c28ba234aeadc0cb4afa7d45 (diff)
download	vaadin-framework-cb8048312e0d3ee2b49fbef601b6268e6dbf6ab0.tar.gz vaadin-framework-cb8048312e0d3ee2b49fbef601b6268e6dbf6ab0.zip

Prevent HTTP Response splitting in case the server doesn't (#19611)7.6.3

Prevent user-provided input used in the redirect from containing newline characters as the user agent would interpret subsequent parts of the input as additional headers or the actual HTTP payload. At least modern versions of Tomcat and Jetty already protect against this kind of attack by escaping received header values, but that is not necessarily the case for older versions or other servlet engines. See https://www.owasp.org/index.php/HTTP_Response_Splitting for details. Change-Id: I7a56fe2faeaa738aff964cf754e3f7b0f66181dc

Diffstat (limited to 'README.md')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: