You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hc.apache.org by werehuman <gi...@git.apache.org> on 2017/12/14 10:54:44 UTC

[GitHub] httpcomponents-core pull request #55: Fix request splitting

GitHub user werehuman opened a pull request:

    https://github.com/apache/httpcomponents-core/pull/55

    Fix request splitting

    If user has access to any header value, he can add any additional malicious header, like `Host`, `X-Forwarded-Host` or even make another HTTP request.
    
    http://projects.webappsec.org/w/page/13246929/HTTP%20Request%20Splitting

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/werehuman/httpcomponents-core request-splitting

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/httpcomponents-core/pull/55.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #55
    
----
commit 42617ef4d4e9c2b6e6f43a610317df9f3975ce17
Author: Vladimir Lagunov <la...@yandex-team.ru>
Date:   2017-12-14T10:46:04Z

    fix request splitting in BasicLineFormatter

----


---

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

[GitHub] httpcomponents-core pull request #55: Fix request splitting

Posted by werehuman <gi...@git.apache.org>.

Github user werehuman closed the pull request at:

    https://github.com/apache/httpcomponents-core/pull/55


---

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org