I read an article on the internet that says that Tomcat was found to
accept content-length headers with chunked encoding over any HTTP connector and
multiple content-length headers in a request when using the AJP connector. This
could allow attackers to poison a web-cache, bypass web application firewall
protection, or conduct cross-site scripting attacks. The article is
https://bugzilla.redhat.com/show_bug.cgi?id=1069921, so I want to know
how I can produce this bug again to show the processor of the bug
to my colleague. What should I do to produce the bug again? I
am looking forward to your reply! Thanks a lot.
wangchao
2014/08/22
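
The two header conditions named in the message above can be checked for on the defensive side, for example in a front-end proxy or a log-review script. The following is an added example, not part of the original message and not Tomcat code; it inspects the HTTP/1.1 text form of a request only (AJP framing is not parsed), and the function names, finding labels and sample requests are constructed for illustration.

```python
# Added example: flag ambiguous body framing in a raw HTTP/1.1 request head.
CRLF = b"\r\n"

def parse_head(raw: bytes):
    """Return [(lowercased name, value), ...] for the header block of a request."""
    head = raw.split(CRLF + CRLF, 1)[0]
    headers = []
    for line in head.split(CRLF)[1:]:          # skip the request line
        name, sep, value = line.partition(b":")
        if sep:                                 # lines without ':' are ignored here
            headers.append((name.strip().lower().decode("latin-1"),
                            value.strip().decode("latin-1")))
    return headers

def framing_findings(raw: bytes):
    """List the framing problems found; an empty list means unambiguous framing."""
    headers = parse_head(raw)
    # One header line may carry a comma-separated list, so split the values too.
    lengths = [v.strip() for n, val in headers
               if n == "content-length" for v in val.split(",")]
    codings = [v.strip().lower() for n, val in headers
               if n == "transfer-encoding" for v in val.split(",")]
    findings = []
    if "chunked" in codings and lengths:
        findings.append("content-length-with-chunked")
    if len(lengths) > 1:
        findings.append("multiple-content-length")
    if any(not (v.isascii() and v.isdigit()) for v in lengths):
        findings.append("invalid-content-length")
    return findings

# Constructed sample requests (example.test is a placeholder host).
SAMPLES = {
    "clean": b"POST /app HTTP/1.1\r\nHost: example.test\r\n"
             b"Content-Length: 5\r\n\r\nhello",
    "cl_te": b"POST /app HTTP/1.1\r\nHost: example.test\r\nContent-Length: 5\r\n"
             b"Transfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n",
    "dup_cl": b"POST /app HTTP/1.1\r\nHost: example.test\r\n"
              b"Content-Length: 5\r\ncontent-LENGTH: 11\r\n\r\nhello",
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(label, framing_findings(request))
```

A proxy that rejects any request with a non-empty findings list removes the disagreement between front end and back end about where the body ends.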