Hi Team,
I need your help to fix HTTP Host header attacks.
I'm currently in the process of trying to fix a site vulnerability,
basically it is one type of the "Improper Input Handling" attack.
Let's say my website is www.mywebsite.com and there is hacker's website
www.hacker.com
Whenever there is
Hi Erik,
Thanks for the report. I'm looking at this now.
I'm testing with a simple index page that references 3 largish images
(~6MB each).
I've found an issue with HTTP/2, sendfile and StackOverflowExcpetion
that I have a local fix for.
With that fix in place, I can see a flow control iss
Our Tomcat team has been struggling with this issue for a few days:
If a request comes in for https://foo.com/bar.html, which doesn't exist,
then a 404 is returned, and we see a standard Tomcat 404 page.
But if a request comes in for https://foo.com/bar.jsp, which also
doesn't exist, then our
On 10/09/2021 16:44, James H. H. Lampert wrote:
Our Tomcat team has been struggling with this issue for a few days:
If a request comes in for https://foo.com/bar.html, which doesn't exist,
then a 404 is returned, and we see a standard Tomcat 404 page.
But if a request comes in for https://foo
Pradeep,
On 9/10/21 06:19, Pradeep wrote:
Hi Team,
I need your help to fix HTTP Host header attacks.
I'm currently in the process of trying to fix a site vulnerability,
basically it is one type of the "Improper Input Handling" attack.
Let's say my website is www.mywebsite.com and there is hack
Hi Chris,
My application is HTTPS not HTTP and now one of the application security
platforms WhitHatSec raised this vulnerability issue. I tried the above
configuration mentioned but no luck but this configuration advised in
Apache website
http://tomcat.apache.org/tomcat-9.0-doc/config/host.html#
