Using GET and POST parameter in a single FORM - is this a security vulnerability ?

Solution Verified - Updated -

Issue

<form method="POST" action="/context/someAction?X=GetValue">
<input type="text" name="X" value="PostValue">
<input type="submit" value="Send">
</form>

When submiting this form, the HttpServletRequest object contains "GetValue" and "PostValue" for the field X.

req.getParameter("X") returns "GetValue"
req.getParameterValues("X") returns ["GetValue","PostValue"]

Environment

JBoss Enterprise Platform (EAP) all versions
Tomcat all versions

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.