ICEfaces
  1. ICEfaces
  2. ICE-2185

fortify scan ServletRequestResponse HTTP Response Splitting

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 1.7DR#1
    • Fix Version/s: 1.6.2, 1.7DR#2, 1.7
    • Component/s: Framework
    • Labels:
      None
    • Environment:
      ICEfaces

      Description

      HTTP response corruption can occur if CR or LF are allowed within HTTP headers.

        Activity

        Hide
        Ted Goddard added a comment -

        svn merge -r 14636:14891 ../../../trunk/icefaces/core/src/com/icesoft/faces/webapp/http/servlet/ServletRequestResponse.java core/src/com/icesoft/faces/webapp/http/servlet/ServletRequestResponse.java

        Show
        Ted Goddard added a comment - svn merge -r 14636:14891 ../../../trunk/icefaces/core/src/com/icesoft/faces/webapp/http/servlet/ServletRequestResponse.java core/src/com/icesoft/faces/webapp/http/servlet/ServletRequestResponse.java

          People

          • Assignee:
            Unassigned
            Reporter:
            Ted Goddard
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: