Skip navigation

Change request ID for join forms to not include the pipe character

score 200
You have not voted. Below Review Threshold

Recent versions of Tomcat 7 and 8 restrict the use of the pipe character.

This affects the use of direct URLs to join forms that pass the eid parameter.   The eid parameter for join forms includes the pipe character.  Ex:  0000123456|0000123456.    Direct URL links are part of any Web report against a join form.


Tomcat can be set to allow the pipe character by adjusting the file to include this parameter.

# Allow for changes to HTTP request validation

# WARNING: Using this option will expose the server to CVE-2016-6816



However, many companies will not allow the security exposure.


Vote history