It looks like its updating a map while iterating through the keys to the map.
-Tim
[EMAIL PROTECTED] wrote:
Has anyone successfully installed com.oreilly.tomcat.valves.BadInputFilterValve to help stop XSS attacks?
from: http://safari.oreilly.com/?x=1&mode=section&sortKey=title&sortOrder=asc&view=&g=&catid=&s=1&b=1&f=1&t=1&c=1&u=1&r=&o=1&n=1&d=1&p=1&a=0&xmlid=0-59600-318-8/tomcat-APP-D
We are using tomcat 5.0.28, we've successfully compiled and added the valve element, but every time request parameters are parsed i am stuck with the following error:
java.util.ConcurrentModificationException
at java.util.HashMap$HashIterator.nextEntry(HashMap.java:782)
at java.util.HashMap$KeyIterator.next(HashMap.java:818)
at com.oreilly.tomcat.valves.BadInputFilterValve.filterParameters(BadInputFilterValve.java:487)
at com.oreilly.tomcat.valves.BadInputFilterValve.invoke(BadInputFilterValve.java:344)
at
and of course the valve fails to modify any parameters. if anyone has any ideas on what the problem is/how to fix this please advise.
thanks
Richard Finegan
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
