[jira] Resolved: (SLING-1344) Possible response split in SlingSafeMethodsServlet

Ian Boston (JIRA) Thu, 25 Mar 2010 05:50:55 -0700

     [ 
https://issues.apache.org/jira/browse/SLING-1344?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Ian Boston resolved SLING-1344.
-------------------------------

    Resolution: Not A Problem

Since TRACE is disabled by default this is now a non issue.

> Possible response split in SlingSafeMethodsServlet
> --------------------------------------------------
>
>                 Key: SLING-1344
>                 URL: https://issues.apache.org/jira/browse/SLING-1344
>             Project: Sling
>          Issue Type: Bug
>          Components: API
>    Affects Versions: API 2.0.8
>            Reporter: Ian Boston
>            Assignee: Ian Boston
>             Fix For: API 2.1.0
>
>
> Headers in the doTrace method are echoed to the response, making it 
> potentially possible to split a response. 
> Would suggest encoding the headers both name part and value part correctly
> IIRC Value part should be URIEncoded ?
>  
> but name part Eliminate values outside 33 - 126  as per rfc 822 ?

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Resolved: (SLING-1344) Possible response split in SlingSafeMethodsServlet

Reply via email to