https://issues.apache.org/bugzilla/show_bug.cgi?id=55918

Bug ID: 55918
Summary: CTL characters may appear in quoted values for RFC2109 V1 cookies
Product: Tomcat 8
Version: trunk
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Connectors
Assignee: dev@tomcat.apache.org
Reporter: jboy...@apache.org

If a V1 cookie contains a CTL character in a quoted value, no error is logged or raised. This differs from CTLs in unquoted values that result in an IllegalArgumentException and a 500 response.

Example:

    Cookie: $Version=1; foo="b_BS_r"

where _BS_ is a BS character (0x08)

RFC2109 allows the value to be "quoted-string" which from RFC2616 may contain TEXT which must not contain CTLs.
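
The check the report asks for, sketched as an added example (not Tomcat's code and not part of the original report): a scan of a quoted cookie value against the RFC 2616 quoted-string grammar. The class and method names are hypothetical, the sample values are constructed, and header folding (CRLF followed by SP or HT) is assumed to have been removed before the value reaches this check.

```java
import java.nio.charset.StandardCharsets;

public class QuotedCookieValueCheck {

    /** RFC 2616 CTL: octets 0-31 and DEL (127). */
    static boolean isCtl(int octet) {
        return octet < 0x20 || octet == 0x7F;
    }

    /**
     * Returns the index of the first octet that violates the quoted-string
     * grammar, or -1 if the value is well formed.
     */
    static int firstViolation(byte[] value) {
        int n = value.length;
        if (n < 2 || value[0] != '"' || value[n - 1] != '"') {
            return 0; // not a quoted-string at all
        }
        for (int i = 1; i < n - 1; i++) {
            int b = value[i] & 0xFF;
            if (b == '\\') {
                // quoted-pair = "\" CHAR, where CHAR is any octet 0-127.
                // A backslash directly before the final quote escapes it,
                // leaving the string unterminated.
                if (i + 1 >= n - 1 || (value[i + 1] & 0xFF) > 0x7F) {
                    return i;
                }
                i++; // skip the escaped octet
            } else if (b == '"') {
                return i; // unescaped quote inside the value
            } else if (isCtl(b) && b != '\t') {
                return i; // raw CTL in qdtext; HT is allowed as LWS
            }
        }
        return -1;
    }

    public static void main(String[] args) {
        // Constructed samples; the second is the value from the report.
        String[] samples = { "\"bar\"", "\"b\br\"", "\"b\tr\"", "\"a\\\"b\"" };
        for (String s : samples) {
            byte[] octets = s.getBytes(StandardCharsets.ISO_8859_1);
            int at = firstViolation(octets);
            System.out.println(at < 0 ? "valid" : "violation at octet " + at);
        }
    }
}
```

A parser that applies this scan to quoted values can raise the same IllegalArgumentException the unquoted path already produces, so both forms fail the same way.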