Open rclijia opened 2 weeks ago
The wireshark follow tcp stream :
GET /HelloWorld.html HTTP/1.1 Host:syuqqq.xudaowang.com:8021 Accept: */* User-Agent:Mozilla/4.0 (compatible; MSIE 5.00; Windows 98) Connection:Keep-Alive
however, the " Connection:Keep-Alive" start with a whitespace. Does it not support whitespace before header filed name( version 9.2.1) ?
http_whitespace_before_header.zip
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27982 Is this reason ?
Yes, exactly. Supporting that white space would be a security problem.
The wireshark follow tcp stream :
GET /HelloWorld.html HTTP/1.1
Host:syuqqq.xudaowang.com:8021 Accept: */*
User-Agent:Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)
Connection:Keep-Alive
however, the " Connection:Keep-Alive" start with a whitespace. Does it not support whitespace before header filed name( version 9.2.1) ?
http_whitespace_before_header.zip