Using GET and POST parameters in a single FORM - is this a security vulnerability?
Issue
<form method="POST" action="/context/someAction?X=GetValue">
<input type="text" name="X" value="PostValue">
<input type="submit" value="Send">
</form>
When submitting this form, the HttpServletRequest object contains both "GetValue" and "PostValue" for the field X.
req.getParameter("X") returns "GetValue"
req.getParameterValues("X") returns ["GetValue","PostValue"]
Environment
JBoss Enterprise Platform (EAP) all versions
Tomcat all versions
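One way to detect the merge described under Issue on the server side, as an added example that is not part of the original article or of any Red Hat code: the helper compares the raw query string with the merged values the container returns. The class name `MixedSourceParams`, the `javax.servlet` namespace and UTF-8 decoding of parameter names are assumptions.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;

// Hypothetical helper class; not part of the Servlet API, JBoss EAP or Tomcat.
public final class MixedSourceParams {

    // Count how often each parameter name occurs in the raw query string.
    // Assumption: parameter names are URL-encoded as UTF-8.
    static Map<String, Integer> queryCounts(String query) throws UnsupportedEncodingException {
        Map<String, Integer> counts = new LinkedHashMap<>();
        if (query == null) {
            return counts;
        }
        for (String pair : query.split("&")) {
            if (pair.isEmpty()) {
                continue;
            }
            int eq = pair.indexOf('=');
            String name = URLDecoder.decode(eq >= 0 ? pair.substring(0, eq) : pair, "UTF-8");
            counts.merge(name, 1, Integer::sum);
        }
        return counts;
    }

    // Names for which the container merged query-string values with body values.
    public static Set<String> mixedSourceNames(HttpServletRequest req)
            throws UnsupportedEncodingException {
        Set<String> mixed = new LinkedHashSet<>();
        for (Map.Entry<String, Integer> e : queryCounts(req.getQueryString()).entrySet()) {
            String[] merged = req.getParameterValues(e.getKey());
            // More merged values than the URL supplied means the body added some.
            if (merged != null && merged.length > e.getValue()) {
                mixed.add(e.getKey());
            }
        }
        return mixed;
    }
}
```

For the form shown under Issue, the query string supplies X once while `getParameterValues("X")` returns two values, so `mixedSourceNames` reports X.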
