You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Aviator Java <ja...@yahoo.co.in> on 2007/04/16 06:43:36 UTC

HTTP Response Splitting in Tomcat - reg.

Hi Friends,
   
  Can anybody tell me whether Tomcat 6.0.2 is immune to Http Response Splitting attack? If so, can anybody help me to know how the security vulnerablity was fixed. Since, I heard that in tomcat 4.x the above mentioned vulnerability was there.
   
  Thanks in Advance!!!

       
---------------------------------
 Check out what you're missing if you're not on Yahoo! Messenger

Re: HTTP Response Splitting in Tomcat - reg.

Posted by Mark Thomas <ma...@apache.org>.

Aviator Java wrote:
> Can anybody tell me whether Tomcat 6.0.2 is immune to Http Response Splitting attack?
Assuming this is CVE-2002-1567, yes, it is immune.

If so, can anybody help me to know how the security vulnerablity was
fixed.
http://tomcat.apache.org/security-4.html

Mark


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org