The short answers are:
1. No
2. No
The longer answer is:
This is categorically *not* a security issue with Tomcat. I have tested
this and Tomcat continues to operate correctly after a request with a
very long host header. This looks to me like an issue with your daemon.
And a few tips for
Hi,
We are using Tomcat 4.0.4 in our product. We have a daemon which is a wrapper
around Tomcat.
We are facing one security issue with Tomcat. If we send an HTTP packet with
a long string in the Host field, it closes the connection.
EX:
telnet machine port on which tomcat is running