Re: Hostheader attack vulnerability

2022-12-15 Thread Mark Thomas
There isn't anything here that indicates that there is a problem for 
Tomcat to solve.


You appear to be using a tool provided by Cisco. I suggest you contact 
Cisco for support.


If you still believe that there is a Tomcat issue here please provide:

- Full details (including HTTP headers) of a request that triggers the
  issue
- Full details of how the response differs from what you expect

Generally, I'll note that in the default configuration, Tomcat will 
route all requests to the default host irrespective of the value 
presented in the Host header.


Mark


On 14/12/2022 13:00, Ragavendhiran Bhiman (rabhiman) wrote:

Hi All,

I am facing one issue related to host header manipulation: changing the host 
header is changing the URL itself. This attack is done via the Burp Suite tool. 
I have copied the current configuration here; as you can see, the default 
hostname is defined and appBase is provided.

The attack is happening only before the admin login page. On any pages displayed 
after the login, the host header manipulation is not happening. Kindly advise me 
how to fix this problem from the Apache side.
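One way to have Tomcat itself refuse unexpected Host header values, as an added server.xml example that is not from this thread (the hostnames and directory names are placeholders, and only the Host definitions inside the Engine are shown): the real application is bound to a named Host plus its aliases, and the Engine's default host is an empty sink, so a request whose Host header matches nothing is answered with 404 rather than being routed to the application.

```xml
<!-- server.xml, Engine section. Added example, not taken from the thread.
     Hostnames and directory names are assumptions / placeholders. -->
<Engine name="Catalina" defaultHost="sink">

  <!-- The real application. Only requests whose Host header matches the
       name or one of the aliases (comparison is case-insensitive) reach
       it. appBase is the normal webapps directory. -->
  <Host name="app.example.com" appBase="webapps"
        unpackWARs="true" autoDeploy="true">
    <Alias>www.example.com</Alias>
  </Host>

  <!-- Catch-all for every other Host header value (and for requests that
       carry none). Its appBase is a separate, empty directory, which
       Tomcat creates if it is missing, so nothing is deployed there and
       every request lands on a 404 instead of the application. -->
  <Host name="sink" appBase="sink-webapps"
        unpackWARs="false" autoDeploy="false" deployOnStartup="false"/>

</Engine>
```

Any URL the application later builds from the Host header (for example a redirect to the login page) is then limited to the names Tomcat has already accepted.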

Hostheader attack vulnerability

2022-12-14 Thread Ragavendhiran Bhiman (rabhiman)
Hi All,

I am facing one issue related to host header manipulation: changing the host 
header is changing the URL itself. This attack is done via the Burp Suite tool. 
I have copied the current configuration here; as you can see, the default 
hostname is defined and appBase is provided.

The attack is happening only before the admin login page. On any pages displayed 
after the login, the host header manipulation is not happening. Kindly advise me 
how to fix this problem from the Apache side.