pankaj jairath wrote:
> Hello,
>
> I am using Tomcat 6.0.18 and have hit an XSS issue, wherein a tweaked Host
> header containing XSS is processed by the server. I suppose some
> validation check should be done on the Host value to prevent such an
> attack.
>
> Appreciate any inputs as to whether this issue has been fixed?

You'll need to provide more details. Nothing stands out from the security pages. Please provide step by step instructions to reproduce from a clean Tomcat installation.

Please also note that potential security vulnerabilities should be reported privately (see http://tomcat.apache.org/security.html), rather than to a public list. Since you have posted to a public list, there is no point continuing in private.

Mark