Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fortify Issue: Header Manipulation #303

Open
cmheazel opened this issue Jan 9, 2018 · 1 comment
Open

Fortify Issue: Header Manipulation #303

cmheazel opened this issue Jan 9, 2018 · 1 comment
Assignees
@cmheazel
Labels
question

Comments

@cmheazel
Copy link
Contributor

cmheazel commented Jan 9, 2018

HTTPParser.java copies the Content-Type header from an inbound HTTP stream to an outbound HTTP steam without validating its contents. This opens the door to a number of exploits including cache-poisoning, cross-site scripting, cross-user defacement, page hijacking, cookie manipulation and open redirect. Planned solution is to use regular expressions to validate the mime type prior to copying.
@cmheazel cmheazel added the bug label Jan 9, 2018
@cmheazel cmheazel self-assigned this Jan 9, 2018
@cmheazel
Copy link
Contributor Author

Further investigation suggests that the best solution to this issue is to include argument validation logic in HttpURLConnection for all set operations. However, that class is part of the Java platform and outside of the scope of this source.

Recommendation to the CITE SC: investigate the degree of validation performed by the existing java.net.HttpURLConnection class and promote development of an improved version if necessary.

@cmheazel cmheazel added question and removed bug labels Jan 17, 2018
@dstenger dstenger added this to CITE Aug 1, 2024
@dstenger dstenger moved this to To do in CITE Aug 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cmheazel cmheazel

Labels
question
Projects
CITE
Status: To do
Milestone
No milestone
Development

No branches or pull requests
1 participant
@cmheazel