Tomcat 8.5.3: How to avoid RFC7231 support

Asked 1 year ago, Updated 1 year ago, 87 views

Thank you for your help.

As a workaround for Tomcat 8.5.3's strict inspection of the following request parameters and non-escaped "[{", is there a way to prevent 400 errors without correcting the program by avoiding them in the Catalina.properties file?

===Tomcat Release Note===
Ensure that requests with HTTP method names that are not tokens (as required by RFC 7231) are rejected with a 400 response. (markt)

=== Equivalent question (it says to escape on the program side)
https://stackoverflow.com/questions/41053653/tomcat-8-is-not-able-to-handle-get-request-with-in-query-parameters/41150474

=== On a separate note, the previous tomcat version states that it can be avoided by the following methods.
http://d.hatena.ne.jp/guangda/20091215/1260836855

Thank you for your cooperation.

tomcat

2022-09-30 19:53

2 Answers


From Tomcat Repository https://github.com/apache/tomcat80/commit/779d5d34e68e50d2f721897050b147106992f566

markt-asf on 30 Nov 2016 Contributor

It is only a breaking change for clients that are sending non-specific requests. Clients that aren't percent encoding | need to be fixed so that they do.

Unfortunately, it seems that the client should fix it.


2022-09-30 19:53
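The client-side fix this answer points to, as an added example (not code from the original answer or from Tomcat): a repair pass that percent-encodes every character outside RFC 3986's path and query sets while leaving existing `%XX` escapes alone. The function names and the sample target are constructed, and treating the RFC 3986 sets as the definition of "must be encoded" is an assumption, not Tomcat's own table.

```python
import re
import string

# RFC 3986 character classes (assumed here to be what a strict parser accepts).
UNRESERVED = set(string.ascii_letters + string.digits + "-._~")
SUB_DELIMS = set("!$&'()*+,;=")
PATH_OK = UNRESERVED | SUB_DELIMS | set(":@/")
QUERY_OK = PATH_OK | set("?")
PCT_TRIPLET = re.compile(r"%[0-9A-Fa-f]{2}")


def _encode(part: str, allowed: set) -> str:
    out, i = [], 0
    while i < len(part):
        ch = part[i]
        if ch == "%" and PCT_TRIPLET.match(part, i):
            out.append(part[i:i + 3])  # keep an existing escape untouched
            i += 3
            continue
        if ch in allowed:
            out.append(ch)
        else:
            # Encode the UTF-8 bytes of anything else, including a stray "%".
            out.append("".join(f"%{b:02X}" for b in ch.encode("utf-8")))
        i += 1
    return "".join(out)


def encode_request_target(target: str) -> str:
    """Return path[?query] with all disallowed characters percent-encoded."""
    path, sep, query = target.partition("?")
    return _encode(path, PATH_OK) + sep + _encode(query, QUERY_OK)


def offending_chars(target: str) -> list:
    """List the raw characters that a strict request-line parser would reject."""
    path, _, query = target.partition("?")
    bad = set()
    for part, allowed in ((path, PATH_OK), (query, QUERY_OK)):
        bad.update(c for c in PCT_TRIPLET.sub("", part) if c not in allowed)
    return sorted(bad)


if __name__ == "__main__":
    sample = '/app/search?filter=[{"id":1|2}]&q=a%20b'  # constructed sample
    print(offending_chars(sample))
    print(encode_request_target(sample))
```

This repairs a finished request target and cannot tell a literal `&` or `=` inside a value from a separator, so new code should encode each parameter value as the URL is built (for example with `urllib.parse.quote`).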

You will be vulnerable to CVE-2016-6816, but what about the following system properties?

http://tomcat.apache.org/tomcat-8.5-doc/config/systemprops.html
tomcat.util.http.parser.HttpParser.requestTargetAllow


2022-09-30 19:53
