[ICE-2185] fortify scan ServletRequestResponse HTTP Response Splitting - ICEsoft JIRA Issue Tracker

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.7DR#1
Fix Version/s: 1.6.2, 1.7DR#2, 1.7
Component/s: Framework
Labels:
None
Environment:
ICEfaces

Description

HTTP response corruption can occur if CR or LF are allowed within HTTP headers.

Activity

Ascending order - Click to sort in descending order

Repository	Revision	Date	User	Message
ICEsoft Public SVN Repository	#14891	Thu Oct 04 16:46:07 MDT 2007	ted.goddard	CR and LF removed from HTTP headers to avoid response splitting (~~ICE-2185~~)
				Files Changed
				MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/webapp/http/servlet/ServletRequestResponse.java

Ted Goddard created issue - 04/Oct/07 5:44 PM

Ted Goddard made changes - 04/Oct/07 5:44 PM

Field	Original Value	New Value
Security		Private [ 10001 ]

Ted Goddard made changes - 04/Oct/07 5:50 PM

Assignee

Mircea Toma [ mircea.toma ]

Ken Fyten made changes - 05/Oct/07 3:56 PM

Fix Version/s

1.7DR#2 [ 10110 ]

Ken Fyten made changes - 05/Oct/07 3:56 PM

Status	Open [ 1 ]	Resolved [ 5 ]
Resolution		Fixed [ 1 ]

Ken Fyten made changes - 23/Oct/07 12:09 PM

Fix Version/s		1.6.2 [ 10111 ]
Assignee	Mircea Toma [ mircea.toma ]	Ted Goddard [ ted.goddard ]

Ken Fyten made changes - 23/Oct/07 12:10 PM

Resolution	Fixed [ 1 ]
Status	Resolved [ 5 ]	Reopened [ 4 ]

Repository	Revision	Date	User	Message
ICEsoft Public SVN Repository	#15021	Wed Oct 24 16:50:27 MDT 2007	ted.goddard	CR and LF removed from HTTP headers to avoid response splitting (~~ICE-2185~~)
				Files Changed
				MODIFY /icefaces/branches/icefaces-1.6/icefaces/core/src/com/icesoft/faces/webapp/http/servlet/ServletRequestResponse.java

Hide

Permalink

Ted Goddard added a comment - 24/Oct/07 5:52 PM

svn merge -r 14636:14891 ../../../trunk/icefaces/core/src/com/icesoft/faces/webapp/http/servlet/ServletRequestResponse.java core/src/com/icesoft/faces/webapp/http/servlet/ServletRequestResponse.java

Show

Ted Goddard added a comment - 24/Oct/07 5:52 PM svn merge -r 14636:14891 ../../../trunk/icefaces/core/src/com/icesoft/faces/webapp/http/servlet/ServletRequestResponse.java core/src/com/icesoft/faces/webapp/http/servlet/ServletRequestResponse.java

Ted Goddard made changes - 24/Oct/07 5:52 PM

Status	Reopened [ 4 ]	Resolved [ 5 ]
Resolution		Fixed [ 1 ]

Repository	Revision	Date	User	Message
ICEsoft Public SVN Repository	#15147	Fri Nov 09 16:00:22 MST 2007	ted.goddard	check for null value before stripping CR and LF (~~ICE-2185~~)
				Files Changed
				MODIFY /icefaces/branches/icefaces-1.6/icefaces/core/src/com/icesoft/faces/webapp/http/servlet/ServletRequestResponse.java

Ken Fyten made changes - 14/Apr/08 3:23 PM

Fix Version/s

1.7 [ 10080 ]

Ken Fyten made changes - 14/Apr/08 3:24 PM

Status	Resolved [ 5 ]	Closed [ 6 ]
Assignee	Ted Goddard [ ted.goddard ]

Ken Fyten made changes - 16/Nov/09 11:03 AM

Resolution	Fixed [ 1 ]
Status	Closed [ 6 ]	Reopened [ 4 ]
Security	Private [ 10001 ]

Ken Fyten made changes - 16/Nov/09 11:03 AM

Status	Reopened [ 4 ]	Resolved [ 5 ]
Resolution		Fixed [ 1 ]

Ken Fyten made changes - 16/Nov/09 11:03 AM

Status

Resolved [ 5 ]

Closed [ 6 ]

People

Assignee:

Unassigned

Reporter:

Ted Goddard

Votes:

0 Vote for this issue

Watchers:

0 Start watching this issue

Dates

Created:

04/Oct/07 5:44 PM

Updated:

16/Nov/09 11:03 AM

Resolved:

16/Nov/09 11:03 AM