EAP 7/Undertow parses a request cookie incorrectly when a backslash-escaped double quote (\") exists in the quoted cookie value.
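- example.jsp
<%
    // Print the name and value of every cookie the container parsed from the request.
    Cookie[] cookies = request.getCookies();
    if (cookies != null) { // getCookies() returns null when the request carries no cookies
        for (Cookie cookie : cookies) {
            out.println("cookie key = " + cookie.getName());
            out.println("cookie val = " + cookie.getValue());
        }
    }
%>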
- EAP 7 incorrectly parses the quoted cookie value "my\"value" as my\:
$ curl -v http://localhost:8080/test/example.jsp -H 'Cookie: mykey="my\"value"'
...
> GET /test/example.jsp HTTP/1.1
> User-Agent: curl/7.29.0
> Host: localhost:8080
> Accept: */*
> Cookie: mykey="my\"value"
>
< HTTP/1.1 200 OK
< Connection: keep-alive
< X-Powered-By: Undertow/1
< X-Powered-By: JSP/2.3
< Server: JBoss-EAP/7
< ....
<
cookie key = mykey
cookie val = my\
- EAP 6.4 can correctly parse the quoted cookie value "my\"value" as my"value:
$ curl -v http://localhost:8080/test/example.jsp -H 'Cookie: mykey="my\"value"'
...
> GET /test/example.jsp HTTP/1.1
> User-Agent: curl/7.29.0
> Host: localhost:8080
> Accept: */*
> Cookie: mykey="my\"value"
>
< HTTP/1.1 200 OK
< Server: Apache-Coyote/1.1
< X-Powered-By: JSP/2.2
< ...
<
cookie key = mykey
cookie val = my"value
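The two results reported above can be reproduced with a small stand-alone scanner. This is an added example, not Undertow or EAP source code; the class name QuotedCookieDemo, the parse method and its honorEscapes switch are hypothetical. With honorEscapes off, the scan ends the value at the first double quote, as observed on EAP 7; with it on, a backslash escapes the next character, as observed on EAP 6.4.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration only: a model of the two observed behaviours, not Undertow code.
public class QuotedCookieDemo {

    // Parses a Cookie header. Inside a quoted value, a backslash escapes the
    // next character only when honorEscapes is true.
    static Map<String, String> parse(String header, boolean honorEscapes) {
        Map<String, String> cookies = new LinkedHashMap<>();
        int i = 0, n = header.length();
        while (i < n) {
            // Skip separators between cookie pairs.
            while (i < n && (header.charAt(i) == ' ' || header.charAt(i) == ';')) i++;
            int eq = header.indexOf('=', i);
            if (eq < 0) break;
            String name = header.substring(i, eq).trim();
            i = eq + 1;
            StringBuilder value = new StringBuilder();
            if (i < n && header.charAt(i) == '"') {
                i++; // skip the opening quote
                while (i < n) {
                    char c = header.charAt(i++);
                    if (c == '\\' && honorEscapes && i < n) {
                        value.append(header.charAt(i++)); // unescape \" and \\
                    } else if (c == '"') {
                        break; // treated as the closing quote
                    } else {
                        value.append(c);
                    }
                }
                // Discard anything left before the next separator.
                while (i < n && header.charAt(i) != ';') i++;
            } else {
                while (i < n && header.charAt(i) != ';') value.append(header.charAt(i++));
            }
            cookies.put(name, value.toString());
        }
        return cookies;
    }

    public static void main(String[] args) {
        // Constructed sample: the header from the report plus a second cookie.
        String header = "mykey=\"my\\\"value\"; other=1";
        System.out.println("escapes ignored: " + parse(header, false));
        System.out.println("escapes honored: " + parse(header, true));
    }
}
```

The second cookie in the constructed header shows that, in this model, the early stop discards the rest of the quoted value without disturbing the pair that follows it.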
- clones: JBEAP-16053 [GSS](7.2.z) UNDERTOW-1462 - Request cookie is incorrectly parsed when a backslash-escaped double quote exists in the quoted cookie value (Closed)
- is incorporated by: JBEAP-16050 [GSS](7.1.z) Upgrade undertow from 1.4.18.SP11 to 1.4.18.SP12 (Resolved)
- is related to: UNDERTOW-1462 Request cookie is incorrectly parsed when a backslash-escaped double quote exists in the quoted cookie value (Resolved)