
Http Response Splitting in Tomcat

dinesh Venkatesan
Ranch Hand

Joined: Oct 12, 2006
Posts: 134
Hi All,

It has been observed that the Tomcat 4.x release was prone to HTTP Response Splitting attack through CRLF injection. I have been studying various security vulnerabilities for a while. Also, I am working on developing countermeasures for such vulnerabilities.

Now I would like to know whether the Tomcat 6.0.2 release has a fix for the CRLF injection. I have tried to implement the CRLF injection attack against Tomcat 6.0.2 but I was not successful.

Thanks in advance!!!
William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12784
    
It has been observed that the Tomcat 4.x release was prone to HTTP Response Splitting attack through CRLF injection.


Could you please cite some reference for this?

Bill
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

The best place to check for questions like this is the Tomcat Security Page:
http://tomcat.apache.org/security.html


dinesh Venkatesan
Ranch Hand

Joined: Oct 12, 2006
Posts: 134
Hi William,

Could you please cite some reference for this?


Please find the white paper in the following URL.
HTTP Response splitting Vulnerability in Tomcat 4.1.24

Page No: 9 lists the servers that are prone to Http Response splitting.

thanks,
dinesh.
 