Hi Chris,
My application is HTTPS not HTTP and now one of the application security
platforms WhitHatSec raised this vulnerability issue. I tried the above
configuration mentioned but no luck but this configuration advised in
Apache website
http://tomcat.apache.org/tomcat-9.0-doc/config/host.html#
Pradeep,
On 9/10/21 06:19, Pradeep wrote:
Hi Team,
I need your help to fix HTTP Host header attacks.
I'm currently in the process of trying to fix a site vulnerability,
basically it is one type of the "Improper Input Handling" attack.
Let's say my website is www.mywebsite.com and there is hack
On 10/09/2021 16:44, James H. H. Lampert wrote:
Our Tomcat team has been struggling with this issue for a few days:
If a request comes in for https://foo.com/bar.html, which doesn't exist,
then a 404 is returned, and we see a standard Tomcat 404 page.
But if a request comes in for https://foo
Our Tomcat team has been struggling with this issue for a few days:
If a request comes in for https://foo.com/bar.html, which doesn't exist,
then a 404 is returned, and we see a standard Tomcat 404 page.
But if a request comes in for https://foo.com/bar.jsp, which also
doesn't exist, then our
Hi Erik,
Thanks for the report. I'm looking at this now.
I'm testing with a simple index page that references 3 largish images
(~6MB each).
I've found an issue with HTTP/2, sendfile and StackOverflowExcpetion
that I have a local fix for.
With that fix in place, I can see a flow control iss
Hi Team,
I need your help to fix HTTP Host header attacks.
I'm currently in the process of trying to fix a site vulnerability,
basically it is one type of the "Improper Input Handling" attack.
Let's say my website is www.mywebsite.com and there is hacker's website
www.hacker.com
Whenever there is