tomcat-users mailing list archives

From pankaj jairath <>
Subject XSS vulnerability in Tomcat Host Header
Date Wed, 22 Jul 2009 07:59:36 GMT

I am using Tomcat 6.0.18 and have hit an XSS issue, wherein a tweaked Host 
header containing XSS is processed by the server.  I suppose some 
validation check should be done on the Host value to prevent such an attack.

Appreciate any inputs as to whether this issue has been fixed?

