[GitHub] httpcomponents-core pull request #55: Fix request splitting

werehuman Thu, 14 Dec 2017 02:55:39 -0800

GitHub user werehuman opened a pull request:

    https://github.com/apache/httpcomponents-core/pull/55


    Fix request splitting

    If user has access to any header value, he can add any additional malicious 
header, like `Host`, `X-Forwarded-Host` or even make another HTTP request.
    
    http://projects.webappsec.org/w/page/13246929/HTTP%20Request%20Splitting

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/werehuman/httpcomponents-core 
request-splitting

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/httpcomponents-core/pull/55.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #55
    
----
commit 42617ef4d4e9c2b6e6f43a610317df9f3975ce17
Author: Vladimir Lagunov <[email protected]>
Date:   2017-12-14T10:46:04Z

    fix request splitting in BasicLineFormatter

----


---

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[GitHub] httpcomponents-core pull request #55: Fix request splitting

Reply via email to