  1. Undertow
  2. UNDERTOW-1462

Request cookie is incorrectly parsed when a backslash-escaped double quote exists in the quoted cookie value

Details

    Description

      EAP 7/Undertow parses a request cookie incorrectly when a backslash-escaped double quote (\") exists in the quoted cookie value.

      • example.jsp
      <%
      // getCookies() returns null when the request carries no cookies
      Cookie[] cookies = request.getCookies();
      if (cookies != null) {
          for (Cookie cookie : cookies) {
              out.println("cookie key = " + cookie.getName());
              out.println("cookie val = " + cookie.getValue());
          }
      }
      %>
      
      • EAP 7 incorrectly parses the quoted cookie value "my\"value" as my\:
      $ curl -v http://localhost:8080/test/example.jsp -H 'Cookie: mykey="my\"value"'
      ...
      > GET /test/example.jsp HTTP/1.1
      > User-Agent: curl/7.29.0
      > Host: localhost:8080
      > Accept: */*
      > Cookie: mykey="my\"value"
      > 
      < HTTP/1.1 200 OK
      < Connection: keep-alive
      < X-Powered-By: Undertow/1
      < X-Powered-By: JSP/2.3
      < Server: JBoss-EAP/7
      < ....
      < 
      cookie key = mykey
      cookie val = my\
      
      
      • EAP 6.4 can correctly parse the quoted cookie value "my\"value" as my"value:
      $ curl -v http://localhost:8080/test/example.jsp -H 'Cookie: mykey="my\"value"'
      ...
      > GET /test/example.jsp HTTP/1.1
      > User-Agent: curl/7.29.0
      > Host: localhost:8080
      > Accept: */*
      > Cookie: mykey="my\"value"
      > 
      < HTTP/1.1 200 OK
      < Server: Apache-Coyote/1.1
      < X-Powered-By: JSP/2.2
      < ...
      < 
      cookie key = mykey
      cookie val = my"value
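
The two results above, reproduced side by side as an added example (not Undertow or EAP code; the class and method names are hypothetical). It assumes the truncation comes from ending the quoted value at the first double quote, which yields the same my\ shown for EAP 7, and contrasts that with a scan that treats a backslash as escaping the next character:

```java
public class QuotedCookieDemo {

    // Naive scan: the first '"' after the opening quote ends the value,
    // so an escaped quote (\") truncates it.
    static String naiveValue(String raw) {
        if (raw.length() >= 2 && raw.charAt(0) == '"') {
            int end = raw.indexOf('"', 1);
            return end < 0 ? raw : raw.substring(1, end);
        }
        return raw; // unquoted value: returned as-is
    }

    // Escape-aware scan: inside a quoted value a backslash makes the next
    // character literal, so \" does not close the value.
    static String escapeAwareValue(String raw) {
        if (raw.isEmpty() || raw.charAt(0) != '"') {
            return raw; // unquoted value: returned as-is
        }
        StringBuilder out = new StringBuilder();
        for (int i = 1; i < raw.length(); i++) {
            char c = raw.charAt(i);
            if (c == '\\' && i + 1 < raw.length()) {
                out.append(raw.charAt(++i)); // keep escaped char, drop backslash
            } else if (c == '"') {
                return out.toString();       // unescaped quote closes the value
            } else {
                out.append(c);
            }
        }
        return raw; // no closing quote: leave the input untouched
    }

    public static void main(String[] args) {
        // Constructed sample: the Cookie header value used in the report,
        // i.e. mykey="my\"value" once the Java string escapes are resolved.
        String header = "mykey=\"my\\\"value\"";
        int eq = header.indexOf('=');
        String name = header.substring(0, eq);
        String raw = header.substring(eq + 1);
        System.out.println(name + " naive        = " + naiveValue(raw));
        System.out.println(name + " escape-aware = " + escapeAwareValue(raw));
    }
}
```

Running both scans over the same header in a regression test makes this kind of divergence between container versions visible before application code relies on the cookie value.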
      
      

            People

              sdouglas1@redhat.com Stuart Douglas
              rhn-support-mmiura Masafumi Miura