Project

General

Profile

Story #1129

Tomcat needs to be configured to handle \ in URIs

Added by Chad Berkley about 14 years ago. Updated about 14 years ago.

Status:
Closed
Priority:
High
Assignee:
-
Category:
-
Target version:
Sprint-2010.50
Start date:
2010-12-02
Due date:
% Done:

100%

Story Points:
Sprint:

Description

Tomcat doesn't like \ or its escaped representation (%5C), for security reasons related to proxying. http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.10
(the current encoding specification we use escapes \ to %5C)

Subtasks

Task #1130: Need to figure out if we want to configure tomcat to accept \ in a URIClosedRob Nahf

Task #1131: Need to figure out how to enable \ (%5C) in tomcat URIsClosedRob Nahf

History

#1 Updated by Rob Nahf about 14 years ago

  • Position set to 1
  • Target version set to Sprint-2010.49
  • Position deleted (1)

#2 Updated by Dave Vieglais about 14 years ago

  • Target version changed from Sprint-2010.49 to Sprint-2010.50
  • Position deleted (11)
  • Position set to 2

#3 Updated by Rob Nahf about 14 years ago

  • Status changed from New to Closed

configured tomcat to handle escaped backslashes. It might be prudent to check the security hole through a test, to see if it's something we now have to worry about. A separate story will be created for that.

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 14.8 MB)