https://issues.apache.org/bugzilla/show_bug.cgi?id=55918

            Bug ID: 55918
           Summary: CTL characters may appear in quoted values for RFC2109
                    V1 cookies
           Product: Tomcat 8
           Version: trunk
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Connectors
          Assignee: [email protected]
          Reporter: [email protected]

If a V1 cookie contains a CTL character in a quoted value, no error is logged
or raised. This differs from CTLs in unquoted values that result in an
IllegalArgumentException and a 500 response.

Example:
Cookie: $Version=1; foo="b_BS_r"
where _BS_ is a BS character (0x08)

RFC2109 allows the value to be "quoted-string" which from RFC2616 may contain
TEXT which must not contain CTLs.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to