GitHub user danobi opened a pull request:
https://github.com/apache/trafficserver/pull/355
YTSATS-659 XSS via Host header for 404
Validate the host header string to prevent malformed hostnames from being
let in.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/danobi/trafficserver TS-4043
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/trafficserver/pull/355.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #355
----
commit db4ad907fb75ee213dffef95bd774f5b14729fa7
Author: Daniel Xu <dl...@yahoo.com>
Date: 2015-11-23T20:35:41Z
YTSATS-659 XSS via Host header for 404
Validate the host header string to prevent malicious javascript
inclusion
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
