Learn More
Resend Email
10
netikras
2y

TIL you can crash a Tomcat request processing if the app reads request bodies using a reader() and you feed it a json body with an innocent nbsp :) the whole request processing just goes *pooooft*

reminds me of an ios bug which could brick the phone if it received an sms with weird chars.

These lynch-pin-bugs where a single byte/char in the right place at the right time can tear things down, are so subtle and fascinate me for some reason :)

random

java

filter

bug

tomcat

embedded tomcat

nbsp

spring
Favorite
Ranter
Comments
  • 2
    2y
    Those are fun!
  • 0
    2y
    Or you just shoot it down with any arbitrary SAM
  • 1
    2y
    Headers.

    Many HTTP client lack a complete understanding of http headers.

    Be it the case insensitivity, the length, illegal chars, multiple headers with same name, ...

    HTTP headers are scary. Really... Really... Scary.
Related Rants
devRant © 2021 Hexical Labs LLC
Privacy Policy  |  Terms of Service
Add Comment