Gilles Gagniard created AXIS2C-1661:
---------------------------------------

Summary: vulnerability : buffer overflow in axis2/c http client
Key: AXIS2C-1661
URL: https://issues.apache.org/jira/browse/AXIS2C-1661
Project: Axis2-C
Issue Type: Bug
Components: core/transport
Affects Versions: 1.6.0, 1.7.0, Current (Nightly)
Environment: Any, axis2/c built with native http sender (no libcurl)
Reporter: Gilles Gagniard
Priority: Critical

With axis2/c used as a client using http transport, if a malicious server begins its reply with more than 512 bytes without CRLF (i.e. in place of the response status), this causes a stack overflow in the client. Remote code execution is certainly possible.

Please find a fix for this vulnerability here:
https://github.com/gillesgagniard/wso2-wsf-cpp-gg/commit/976f9c60ccade30ae3fe1a2bddbaeb1fdc9e000a
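
A bounded line reader for the failure mode reported above, as an added example: it is not Axis2/C code and not the fix in the linked commit. The `stream` type, the function names and the sample replies are constructed for illustration, and the 512-byte buffer size is assumed from the figure in the report.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define STATUS_LINE_MAX 512 /* assumed buffer size, from the 512 bytes in the report */

/* Constructed stand-in for a socket: bytes the server sent, read one at a time. */
struct stream { const char *data; size_t len, pos; };

static int stream_getc(struct stream *s) {
    return s->pos < s->len ? (unsigned char)s->data[s->pos++] : -1;
}

/* Read one CRLF-terminated line into out[cap], NUL-terminated, CRLF stripped.
 * Returns the line length, -1 if no CRLF arrives before the buffer is full
 * (oversized line: reject the reply), -2 if the peer stops before CRLF. */
int read_line_bounded(struct stream *s, char *out, size_t cap) {
    size_t n = 0;
    int c;
    if (cap < 2) return -1;
    while ((c = stream_getc(s)) != -1) {
        if (c == '\n' && n > 0 && out[n - 1] == '\r') {
            out[n - 1] = '\0';
            return (int)(n - 1);
        }
        if (n + 1 >= cap) { /* bound on every write; keeps room for the NUL */
            out[0] = '\0';
            return -1;
        }
        out[n++] = (char)c;
    }
    out[n] = '\0';
    return -2;
}

/* Convenience wrapper: parse the first line of a captured reply. */
int read_status_line(const char *reply, size_t len, char out[STATUS_LINE_MAX]) {
    struct stream s = { reply, len, 0 };
    return read_line_bounded(&s, out, STATUS_LINE_MAX);
}

int main(void) {
    char line[STATUS_LINE_MAX], big[600];
    memset(big, 'A', sizeof big); /* constructed reply: 600 bytes, no CRLF */
    printf("%d\n", read_status_line("HTTP/1.1 200 OK\r\n\r\n", 19, line));
    printf("%d\n", read_status_line(big, sizeof big, line));
    return 0;
}
```

A caller should treat both negative returns as a malformed reply and close the connection rather than continue parsing.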