
HTTP Response Splitting in Tomcat

 
dinesh Venkatesan
Ranch Hand
Posts: 134
Hi All,

It has been observed that the Tomcat 4.x release was prone to HTTP Response Splitting attack through CRLF injection. I have been studying various security vulnerabilities for a while. Also, I am working on developing countermeasures for such vulnerabilities.

Now I would like to know whether the Tomcat 6.0.2 release has a fix for the CRLF injection. I have tried to implement the CRLF injection attack against Tomcat 6.0.2 but I was not successful.

Thanks in advance!!!
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13062
> It has been observed that the Tomcat 4.x release was prone to HTTP Response Splitting attack through CRLF injection.

Could you please cite some reference for this?

Bill
 
Ben Souther
Sheriff
Posts: 13411
The best place to check for questions like this is the Tomcat Security Page:
http://tomcat.apache.org/security.html
 
dinesh Venkatesan
Ranch Hand
Posts: 134
Hi William,

> Could you please cite some reference for this?

Please find the white paper at the following URL.
HTTP Response Splitting Vulnerability in Tomcat 4.1.24

Page No. 9 lists the servers that are prone to HTTP Response Splitting.

thanks,
dinesh.
 