users@servlet-spec.java.net

[servlet-spec users] [jsr340-experts] security concern (protocol parameter parsing order)

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Wenbo Zhu <wenbozhu_at_gmail.com>
Date: Fri, 29 Jun 2012 22:13:42 -0700

Page 23, Section 3.1

"
Data from the query string and the post body are aggregated into the
request
parameter set. Query string data is presented before post body data.
"

Attached is a short write-up from Tommy (cc'ed) on the underlying security
issue.

Comments?

- Wenbo

application/pdf attachment: OnParameterPollutionAttacks.pdf

This message: [ Message body ]
Next message: Greg Wilkins: "[servlet-spec users] [jsr340-experts] Re: Servlet 3.1 EDR updated draft"
Previous message: Rajiv Mordani: "[servlet-spec users] [jsr340-experts] Change over to JCP 2.8"
Next in thread: Mark Thomas: "[servlet-spec users] [jsr340-experts] Re: security concern (protocol parameter parsing order)"
Reply: Mark Thomas: "[servlet-spec users] [jsr340-experts] Re: security concern (protocol parameter parsing order)"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]