[Mono-bugs] [Bug 418620] Sys.Web is prone to "HTTP header injection" attacks

bugzilla_noreply at novell.com bugzilla_noreply at novell.com
Wed Aug 20 08:16:46 EDT 2008


User juraj at hotfeet.ch added comment

--- Comment #9 from Juraj Skripsky <juraj at hotfeet.ch>  2008-08-20 06:16:45 MDT ---
Created an attachment (id=234421)
 --> (https://bugzilla.novell.com/attachment.cgi?id=234421)

Marek, what do you think about this patch?

Calling WebConfigurationManager.GetSection() for every single header makes me
feel a bit uneasy. GetSection will use the "sectionCache" property which in
turn uses the icall AppDomain.GetData. And ves_icall_System_AppDomain_GetData
uses the domain lock...

Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

More information about the mono-bugs mailing list