https://issues.apache.org/bugzilla/show_bug.cgi?id=55918

            Bug ID: 55918
           Summary: CTL characters may appear in quoted values for RFC2109
                    V1 cookies
           Product: Tomcat 8
           Version: trunk
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Connectors
          Assignee: dev@tomcat.apache.org
          Reporter: jboy...@apache.org

If a V1 cookie contains a CTL character in a quoted value, no error is logged
or raised. This differs from CTLs in unquoted values that result in an
IllegalArgumentException and a 500 response.

Example:
Cookie: $Version=1; foo="b_BS_r"
where _BS_ is a BS character (0x08)

RFC2109 allows the value to be "quoted-string" which from RFC2616 may contain
TEXT which must not contain CTLs.

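The grammar check the report refers to, as an added example that is not Tomcat's code: it validates a cookie value against the RFC 2616 quoted-string rule and reports the first offending character. The class and method names are hypothetical. It assumes the header has already been unfolded, and it rejects a CTL after a backslash, which is stricter than RFC 2616's quoted-pair.

```java
public class QuotedValueCheck {

    // CTL per RFC 2616: octets 0-31 and DEL (127).
    static boolean isCtl(char c) {
        return c < 0x20 || c == 0x7f;
    }

    /**
     * Returns -1 if value is a well-formed quoted-string, otherwise the
     * index of the first character that breaks the grammar (0 when the
     * surrounding quotes are missing).
     */
    static int firstInvalidIndex(String value) {
        int len = value.length();
        if (len < 2 || value.charAt(0) != '"' || value.charAt(len - 1) != '"') {
            return 0;
        }
        for (int i = 1; i < len - 1; i++) {
            char c = value.charAt(i);
            if (c == '\\') {
                // quoted-pair: the backslash must not consume the closing quote
                if (i + 1 >= len - 1) {
                    return i;
                }
                c = value.charAt(++i);
                // Assumption: stricter than RFC 2616, which allows any CHAR here
                if (c > 0x7f || isCtl(c)) {
                    return i;
                }
            } else if (c == '"') {
                return i; // unescaped quote inside the value
            } else if (isCtl(c) && c != '\t') {
                return i; // TEXT excludes CTLs; HT is kept because LWS allows it
            }
        }
        return -1;
    }

    public static void main(String[] args) {
        // Constructed samples; the second is the value from the report (BS = 0x08).
        String[] samples = { "\"bar\"", "\"b\br\"", "\"b\\\"r\"", "\"b\tr\"", "\"b\u007fr\"" };
        for (String s : samples) {
            int bad = firstInvalidIndex(s);
            System.out.println(bad < 0 ? "accept"
                    : "reject at index " + bad + " (0x" + Integer.toHexString(s.charAt(bad)) + ")");
        }
    }
}
```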