* Moritz Naumann: > Here's a whitepaper on this issue, called HTTP Response Splitting, in > case you're interested in the backgrounds. > > http://www.packetstormsecurity.org/papers/general/whitepaper_httpresponse.pdf > > The code quoted above makes me, too, think this needs to be taken on.
The whitepaper you referenced describes a vulnerability in web proxies. The sqwebmail vulnerability could be used to exploit it, but then you could also direct the victim to a completely rogue web server under your control. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
