diff --git a/jetty-http/src/main/java/org/eclipse/jetty/http/HttpParser.java b/jetty-http/src/main/java/org/eclipse/jetty/http/HttpParser.java index 968a9666c56..fd5e63e0880 100644 --- a/jetty-http/src/main/java/org/eclipse/jetty/http/HttpParser.java +++ b/jetty-http/src/main/java/org/eclipse/jetty/http/HttpParser.java @@ -898,6 +898,8 @@ public class HttpParser break; } } + else if (ch<=HttpTokens.SPACE) + throw new BadMessage(); else { if (buffer.hasRemaining()) @@ -962,6 +964,8 @@ public class HttpParser break; case HEADER_NAME: + if (ch<0) + throw new BadMessage(); switch(ch) { case HttpTokens.LINE_FEED: @@ -971,7 +975,6 @@ public class HttpParser _header=HttpHeader.CACHE.get(_headerString); } setState(State.HEADER); - break; case HttpTokens.COLON: @@ -982,10 +985,11 @@ public class HttpParser } setState(State.HEADER_VALUE); break; + case HttpTokens.SPACE: case HttpTokens.TAB: - _string.append((char)ch); break; + default: { _string.append((char)ch); 
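Review bot: The new `else if (ch<=HttpTokens.SPACE)` branch in the first hunk carries no comment, and it appears to depend on `ch` being a signed byte so that bytes at or above 0x80 are rejected along with control characters; the `ch<0` test added under `case HEADER_NAME:` suggests this, but the declaration is outside the hunk. I would state that on the line, for example `// ch is a signed byte: this rejects CTLs, SPACE and any byte >= 0x80`, so that a later change of `ch` to `int` or `char` does not silently weaken the check. The bare `new BadMessage()` here and in the HEADER_NAME hunk also gives an operator nothing to go on when a 400 appears in the logs; if the class has a message-carrying constructor, passing a short reason such as "Illegal character" would help. The enclosing state and method start above this hunk, so which token is being parsed cannot be confirmed from here.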
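Review bot: The guard added under `case HEADER_NAME:` (`if (ch<0) throw new BadMessage();`) rejects only bytes at or above 0x80, so control characters that the switch does not name would still reach `default:` and be appended to the header name by `_string.append((char)ch)`. This is narrower than the `ch<=HttpTokens.SPACE` test used in the first hunk, and control bytes inside a field name are exactly the input on which front-end and back-end parsers tend to disagree. Unless such bytes are filtered before this switch (not visible here), I would add `if (ch<HttpTokens.SPACE) throw new BadMessage();` at the top of the `default:` block. The HEADER_IN_NAME hunk that follows is cut off on this page, so the same check should be confirmed there.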
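Review bot: In the `@@ -982,10 +985,11 @@` hunk, `case HttpTokens.SPACE:` / `case HttpTokens.TAB:` now fall straight to `break`, so whitespace met in HEADER_NAME is discarded silently instead of being kept or rejected. Because the same switch accepts `HttpTokens.COLON` and only takes the name when `_headerString==null`, this state looks reachable after name characters have been read, which would make `Name : value` parse as `Name`. Whitespace between a field name and the colon is a known source of parser disagreement behind proxies, and RFC 7230 section 3.2.4 requires a server to answer such a request with 400. If leniency is intended, say so in a comment on the case; otherwise reject it with `case HttpTokens.SPACE: case HttpTokens.TAB: throw new BadMessage();`, at least once `_string` is non-empty. The switch continues beyond the hunk, so how the default branch handles the following state is not visible.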
@@ -997,6 +1001,12 @@ public class HttpParser break; case HEADER_IN_NAME: + if (ch handler = new Handler(); + HttpParser parser= new HttpParser(handler); + parseAll(parser,buffer); + + assertEquals("GET", _methodOrVersion); + assertEquals("/foo/\u0690/", _uriOrStatus); + assertEquals("HTTP/1.0", _versionOrReason); + assertEquals("Header1", _hdr[0]); + assertEquals("\u00e6 \u00e6", _val[0]); + assertEquals(0, _h); + assertEquals(null,_bad); + } + + + + @Test + public void testBadMethodEncoding() throws Exception + { + ByteBuffer buffer= BufferUtil.toBuffer( + "G\u00e6T / HTTP/1.0\r\nHeader0: value0\r\n\n\n"); + + HttpParser.RequestHandler handler = new Handler(); + HttpParser parser= new HttpParser(handler); + parseAll(parser,buffer); + assertThat(_bad,Matchers.notNullValue()); + } + + @Test + public void testBadVersionEncoding() throws Exception + { + ByteBuffer buffer= BufferUtil.toBuffer( + "GET / H\u00e6P/1.0\r\nHeader0: value0\r\n\n\n"); + + HttpParser.RequestHandler handler = new Handler(); + HttpParser parser= new HttpParser(handler); + parseAll(parser,buffer); + assertThat(_bad,Matchers.notNullValue()); + } + + + @Test + public void testBadHeaderEncoding() throws Exception + { + ByteBuffer buffer= BufferUtil.toBuffer( + "GET / HTTP/1.0\r\nH\u00e6der0: value0\r\n\n\n"); + + HttpParser.RequestHandler handler = new Handler(); + HttpParser parser= new HttpParser(handler); + parseAll(parser,buffer); + assertThat(_bad,Matchers.notNullValue()); + } + @Test public void testSplitHeaderParse() throws Exception {