[Bug 55095] isV0Separator method fail on production environment - IllegalArgumentException : Control character in cookie value or attribute.

bugzilla Wed, 12 Jun 2013 09:32:54 -0700

https://issues.apache.org/bugzilla/show_bug.cgi?id=55095


Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |INVALID

--- Comment #1 from Mark Thomas <ma...@apache.org> ---
The HTTP header is not valid and that is before Tomcat even tries to parse it
as a cookie header. There is no way to bypass this check and no such option
will be added because of the potential security issues associated with control
characters in HTTP headers.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 55095] isV0Separator method fail on production environment - IllegalArgumentException : Control character in cookie value or attribute.

Reply via email to