Hi All!
First, let me assure everyone that I am not a hacker, exactly the opposite, but
I have a related problem. I am in the process of implementing code that
protects against header manipulation. I created a filter that strips line feed
and carriage return characters from requests to avoid header splitting. The
thing is, I want to test it, and can't recreate the issue with Tomcat.
When I insert this code in my JSP:
String attack = "name=Bad Hacker\r\nHTTP/1.1 404 Page not found\r\n...";
response.setHeader("Set-Cookie", attack);
The returned request is returned like this:
Set-Cookie: author=Wiley Hacker HTTP/1.1 404 Page not found ...\r\n
As you can see, all the CRLFs have been replaced with whitespace. I'm assuming
Tomcat is doing this, but I can't find where, even after looking through the
code and reading the documentation. Does anyone know anything about this? Is
there any way to turn this off? I can't test my code when it's in place.
Alternatively, if anyone has any other solution as to how to test it, I would be
most grateful.
Thanks!
Btw, I'm using Tomcat 6.0.32
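
Added example, not part of the original post: one way to check CR/LF-stripping logic without the container in the path, so that whatever the container does to header values cannot mask the result. HeaderSink, RecordingSink, stripCrLf, sanitizing and roundTrip are hypothetical names standing in for the poster's filter and for HttpServletResponse.setHeader; it assumes a plain JDK, Java 8 or later.

```java
public class HeaderSanitizerCheck {
    // Hypothetical stand-in for HttpServletResponse.setHeader, so the check
    // runs on a plain JDK without a servlet container.
    interface HeaderSink { void setHeader(String name, String value); }

    // Records exactly what it receives; unlike the container, it rewrites nothing.
    static class RecordingSink implements HeaderSink {
        String value;
        public void setHeader(String name, String value) { this.value = value; }
    }

    // Logic under test: drop every CR and LF character.
    static String stripCrLf(String s) {
        if (s == null) return null;
        StringBuilder out = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            if (c != '\r' && c != '\n') out.append(c);
        }
        return out.toString();
    }

    // Plays the role of the filter's response wrapper.
    static HeaderSink sanitizing(HeaderSink delegate) {
        return (n, v) -> delegate.setHeader(stripCrLf(n), stripCrLf(v));
    }

    // Sends one value through the wrapper and returns what reached the sink.
    static String roundTrip(String value) {
        RecordingSink sink = new RecordingSink();
        sanitizing(sink).setHeader("Set-Cookie", value);
        return sink.value;
    }

    public static void main(String[] args) {
        // Constructed inputs; the first is the string from the post.
        String[] inputs = {
            "name=Bad Hacker\r\nHTTP/1.1 404 Page not found\r\n...",
            "a\rb", "a\nb", "\r\n", "clean-value"
        };
        for (String in : inputs) {
            String got = roundTrip(in);
            if (got.indexOf('\r') >= 0 || got.indexOf('\n') >= 0)
                throw new AssertionError("CR/LF survived in: " + got);
        }
        // Removed outright, not turned into spaces as in the output quoted above.
        if (!"ab".equals(roundTrip("a\r\nb"))) throw new AssertionError("not stripped");
        System.out.println("all checks passed");
    }
}
```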