Hi, thanks for reporting this issue. It appears this is caused by the patch for CVE-2016-6816 which tightened the validation rules for invalid characters. Unfortunately, it appears the pipe character was commonly used even though it is contrary to RFCs.
There is a bug upstream about the issue, which I've linked to this bug: https://bz.apache.org/bugzilla/show_bug.cgi?id=60594 Ideally, your application should be modified to not use the invalid character, or if that isn't possible, downgrading the package could be a workaround until we see if upstream makes the more strict validation optional or not. ** Bug watch added: bz.apache.org/bugzilla/ #60594 https://bz.apache.org/bugzilla/show_bug.cgi?id=60594 ** Also affects: tomcat7 via https://bz.apache.org/bugzilla/show_bug.cgi?id=60594 Importance: Unknown Status: Unknown ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-6816 ** Changed in: tomcat7 (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1659124 Title: tomcat7 does not handle request uri containig special characters To manage notifications about this bug go to: https://bugs.launchpad.net/tomcat7/+bug/1659124/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
