Impropper sanitisation of attachment filenames allows header injection

XMLWordPrintable

      An attacker can craft a specific attachment filename, or rename the file once it has been uploaded to introduce arbitrary headers into the response stream

        1. Picture 64.png
          Picture 64.png
          37 kB
        2. HeaderSanitisingResponseWrapper.class
          3 kB
        3. HeaderSanitisingFilter.class
          2 kB

              Assignee:
              Andrew Lynch (Inactive)
              Reporter:
              David Cheney (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: