You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by werehuman <gi...@git.apache.org> on 2017/12/14 10:54:44 UTC
[GitHub] httpcomponents-core pull request #55: Fix request splitting
GitHub user werehuman opened a pull request:
https://github.com/apache/httpcomponents-core/pull/55
Fix request splitting
If user has access to any header value, he can add any additional malicious header, like `Host`, `X-Forwarded-Host` or even make another HTTP request.
http://projects.webappsec.org/w/page/13246929/HTTP%20Request%20Splitting
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/werehuman/httpcomponents-core request-splitting
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/httpcomponents-core/pull/55.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #55
----
commit 42617ef4d4e9c2b6e6f43a610317df9f3975ce17
Author: Vladimir Lagunov <la...@yandex-team.ru>
Date: 2017-12-14T10:46:04Z
fix request splitting in BasicLineFormatter
----
---
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[GitHub] httpcomponents-core pull request #55: Fix request splitting
Posted by werehuman <gi...@git.apache.org>.
Github user werehuman closed the pull request at:
https://github.com/apache/httpcomponents-core/pull/55
---
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org