Header Manipulation vulnerabilities flagged by FoD

[kyra-ohare]

Fortify on Demand has flagged this class containing unvalidated data in an HTTP response header.

When Content-Encoding is type "deflate", FoD complains that the data, which enters through getEntity() on line 95, leaves without being validated through setEntity() on line 97. However, the same does not happen when Content-Encoding is type "gzip".

[dermot-hardy]

I've looked at the FoD issue and I believe that it is a false positive.