rclijia
commented
1 week ago https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27982
Is this reason ?
Open rclijia opened 2 weeks ago
rclijia
commented
1 week ago https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27982
Is this reason ?
ShogunPanda
commented
1 week ago Yes, exactly. Supporting that white space would be a security problem.
The wireshark follow tcp stream :
GET /HelloWorld.html HTTP/1.1
Host:syuqqq.xudaowang.com:8021 Accept: */*
User-Agent:Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)
Connection:Keep-Alive
however, the " Connection:Keep-Alive" start with a whitespace. Does it not support whitespace before header filed name( version 9.2.1) ?
http_whitespace_before_header.zip