https://bugzilla.redhat.com/show_bug.cgi?id=1397484
--- Doc Text *updated* by Tomas Hoger thoger@redhat.com --- It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own.