DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=38859>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38859 Summary: mod_jk reads beyond buffer boundaries if length of chunk too long in send_body_chunk message Product: Tomcat 5 Version: 5.5.16 Platform: Other OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Native:JK AssignedTo: tomcat-dev@jakarta.apache.org ReportedBy: [EMAIL PROTECTED] The AJP connector of Tomcat 5.5.15 contained a bug that sometimes set a too long length for the chunks delivered by send_body_chunks AJP messages. This is fixed meanwhile by http://svn.apache.org/viewcvs.cgi?rev=381505&view=rev. A bug of this type can cause mod_jk to read beyond buffer boundaries and thus reveal sensitive memory information to a client. The attached patch against mod_jk 1.2.15 adds a sanity check to prevent mod_jk from reading beyond buffer boundaries in such cases. This protects mod_jk against buggy or malicious AJP servers in the backend. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
