DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=36569>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=36569 Summary: Redirects produce illegal URL's Product: Tomcat 5 Version: 5.5.9 Platform: Other OS/Version: other Status: NEW Severity: normal Priority: P2 Component: Unknown AssignedTo: tomcat-dev@jakarta.apache.org ReportedBy: [EMAIL PROTECTED] When an HTTP request includes query string parameters whose values include spaces and this request is redirected, Tomcat can produce a redirect location that has unescaped spaces because the reconstructed URL contains a query string whose components have not been url-encoded. This has predictably bad results when used without repairing the URL. It is likely that other escaping is also not done which could conceivably be used used in an injection attack of some kind. Browsers such as firefox can and do partially compensate for this, but they can't deal with all cases since unescaped /'s, ?'s and &'s can't reliably be distinguished from the functional versions of these characters. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
