tomcat-users mailing list archives

From pankaj jairath <pjair...@yahoo-inc.com>
Subject XSS vulnerability in Tomcat Host Header
Date Wed, 22 Jul 2009 07:59:36 GMT
Hello,

I am using Tomcat 6.0.18 and have hit an XSS issue, wherein a tweaked Host 
header containing XSS is processed by the server.  I suppose some 
validation check should be done on the Host value to prevent such an attack.

Appreciate any inputs as to whether this issue has been fixed?

regards
Pankaj
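
Editor's added example, not part of the original message and not Tomcat's own code: one way to apply the kind of Host validation the message asks about, as a servlet filter placed in front of the application. The class name `HostHeaderFilter`, the strict `host[:port]` syntax it accepts, and the sample values are assumptions; it needs the servlet API (Tomcat's `servlet-api.jar`) on the classpath, and it also rejects requests that carry no Host header at all.

```java
import java.io.IOException;
import java.util.regex.Pattern;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter: lets a request through only if Host is a plain host[:port].
public class HostHeaderFilter implements Filter {
    // DNS name or IPv4 literal: dot-separated labels of letters, digits and hyphens.
    private static final String LABEL = "[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?";
    private static final Pattern HOSTNAME =
        Pattern.compile("(?i)" + LABEL + "(?:\\." + LABEL + ")*");
    // Bracketed IPv6 literal, e.g. [::1].
    private static final Pattern IPV6 = Pattern.compile("\\[[0-9A-Fa-f:.]{2,45}\\]");

    static boolean isValidHost(String header) {
        if (header == null || header.length() == 0 || header.length() > 261) return false;
        String host = header;
        int colon = header.lastIndexOf(':');
        if (colon > header.lastIndexOf(']')) {      // a port follows the host part
            String port = header.substring(colon + 1);
            if (!port.matches("[0-9]{1,5}") || Integer.parseInt(port) > 65535) return false;
            host = header.substring(0, colon);
        }
        return host.length() <= 255
            && (HOSTNAME.matcher(host).matches() || IPV6.matcher(host).matches());
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (!isValidHost(((HttpServletRequest) req).getHeader("Host"))) {
            // Fixed message: the rejected value is never echoed back to the client.
            ((HttpServletResponse) res).sendError(
                HttpServletResponse.SC_BAD_REQUEST, "Invalid Host header");
            return;
        }
        chain.doFilter(req, res);
    }

    public void init(FilterConfig config) {}
    public void destroy() {}

    public static void main(String[] args) {
        // Constructed sample values, not taken from the original message.
        String[] samples = { "example.com", "example.com:8080", "[::1]:8443",
            "example.com\"><script>alert(1)</script>", "example.com:99999" };
        for (String s : samples) System.out.println(isValidHost(s) + "  " + s);
    }
}
```

Syntax validation only stops markup characters from reaching the application through Host; any page that writes the header value into HTML still needs output encoding.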
