You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2023/05/05 02:30:51 UTC

[Bug 66593] Connector attribute allowHostHeaderMismatch=false fails to reject host header injection attacks

https://bz.apache.org/bugzilla/show_bug.cgi?id=66593

--- Comment #1 from Han Li <li...@apache.org> ---
> Could you please clarify if I am miss-understanding something? 
Sure, If you read doc carefully, you will find which compare one host in
`request line
> I did read that telnet makes it work. However, I am puzzled that with the curl command
> it is not.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org