https://bz.apache.org/bugzilla/show_bug.cgi?id=64144

            Bug ID: 64144
           Summary: Add an option for rejecting requests that have both CL
                    and TE
           Product: Tomcat 9
           Version: 9.0.x
          Hardware: PC
                OS: Mac OS X 10.1
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Connectors
          Assignee: dev@tomcat.apache.org
          Reporter: violet...@apache.org
  Target Milestone: -----

According to https://tools.ietf.org/html/rfc7230#section-3.3.3:
If a message is received with both a TE and a CL header field, the TE overrides
the CL. Such a message might indicate an attempt to perform an attack and ought
to be handled as an error.
This feature request is for adding an option for rejecting requests that have
both CL and TE so that Tomcat is protected against misbehaving third-party
components.

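The check requested above, sketched as an added example (not Tomcat code and not from the report). It goes slightly beyond the CL-plus-TE case and also applies the neighbouring RFC 7230 section 3.3.3 rules for conflicting Content-Length values and for chunked not being the final transfer coding. The function names, the reject_cl_and_te option name and the sample request heads are assumptions made for illustration.

```python
# Added example (not Tomcat code): request framing checks from RFC 7230 section 3.3.3.

def parse_headers(head: bytes):
    """Return [(lowercased name, value)] from a raw HTTP/1.1 request head."""
    lines = head.split(b"\r\n\r\n", 1)[0].split(b"\r\n")[1:]  # skip request line
    fields = []
    for line in lines:
        name, sep, value = line.partition(b":")
        # No colon, empty name, or whitespace around the name (this also
        # catches obs-fold continuation lines) is treated as malformed.
        if not sep or not name or name != name.strip():
            raise ValueError("malformed header line")
        fields.append((name.decode("ascii").lower(),
                       value.decode("latin-1").strip(" \t")))
    return fields


def check_framing(head: bytes, reject_cl_and_te: bool = True):
    """Return (status, reason); reject_cl_and_te is a hypothetical option name."""
    try:
        fields = parse_headers(head)
    except ValueError:
        return 400, "malformed header section"
    cl = [v for n, v in fields if n == "content-length"]
    te = [t.strip().lower() for n, v in fields if n == "transfer-encoding"
          for t in v.split(",") if t.strip()]
    if len(set(cl)) > 1 or any(not (v.isascii() and v.isdigit()) for v in cl):
        return 400, "invalid or conflicting Content-Length"
    if te and te[-1] != "chunked":
        return 400, "chunked is not the final transfer coding"
    if te and cl:
        if reject_cl_and_te:
            return 400, "both Content-Length and Transfer-Encoding present"
        return 200, "Transfer-Encoding overrides Content-Length"
    return 200, "ok"


# Constructed request heads for illustration.
HOST = b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
SAMPLES = {
    "cl_only": HOST + b"Content-Length: 5\r\n\r\n",
    "te_only": HOST + b"Transfer-Encoding: chunked\r\n\r\n",
    "cl_and_te": HOST + b"content-length: 5\r\nTransfer-ENCODING: Chunked\r\n\r\n",
    "cl_conflict": HOST + b"Content-Length: 5\r\nContent-Length: 6\r\n\r\n",
    "te_not_final": HOST + b"Transfer-Encoding: chunked, gzip\r\n\r\n",
}

if __name__ == "__main__":
    for label, head in SAMPLES.items():
        print(label, check_framing(head))
```

With reject_cl_and_te set to False the function falls back to the lenient behaviour the RFC text describes, where TE overrides CL.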