Http Response Splitting in Tomcat

 
Ranch Hand
Posts: 134
Hi All,

It has been observed that the Tomcat 4.x release was prone to HTTP Response Splitting attack through CRLF injection. I have been studying various security vulnerabilities for a while. Also I am working on developing countermeasures for such vulnerabilities.

Now I would like to know whether the Tomcat 6.0.2 release has a fix for the CRLF injection. I have tried to implement the CRLF injection attack against Tomcat 6.0.2 but I was not successful.

Thanks in advance!!!
 
Author and all-around good cowpoke
Posts: 13078

"It has been observed that the Tomcat 4.x release was prone to HTTP Response Splitting attack through CRLF injection."

Could you please cite some reference for this?

Bill
 
Sheriff
Posts: 13411
The best place to check for questions like this is the Tomcat Security Page:
http://tomcat.apache.org/security.html
 
dinesh Venkatesan
Ranch Hand
Posts: 134
Hi William,

"Could you please cite some reference for this?"

Please find the white paper in the following URL.
HTTP Response Splitting Vulnerability in Tomcat 4.1.24

Page No: 9 lists the servers that are prone to Http Response splitting.

thanks,
dinesh.