[AOLSERVER] ANN: AOLserver 4.0.6 released

2004-07-16 Thread Dossy Shiobara
AOLserver 4.0.6 Released On behalf of the AOLserver Team, I have the honor of announcing the latest point release of AOLserver: 4.0.6. This version is primarily a bug

[AOLSERVER] Security issue in Aolserver

2004-07-16 Thread Jade Rubick
There is a security issue in Aolserver, which is described here: http://openacs.org/bugtracker/openacs/bug?bug_number=2011 Untrusted users can craft pages that subsequent users will receive when they browse the site. This should be a one-line bug-fix, I imagine. Jade -- AOLserver -

Re: [AOLSERVER] Security issue in Aolserver

2004-07-16 Thread Dossy
On 2004.07.16, Jade Rubick [EMAIL PROTECTED] wrote: There is a security issue in Aolserver, which is described here: http://openacs.org/bugtracker/openacs/bug?bug_number=2011 Untrusted users can craft pages that subsequent users will receive when they browse the site. This should be a

Re: [AOLSERVER] Security issue in Aolserver

2004-07-16 Thread Bas Scheffers
Let's discuss this issue, but my gut reaction is that the proper fix to this issue is defensive programming by the application developer. It I agree. What's next, sanity checking in the server against SQL attacks? (i.e. some.adp?id=1; delete from users;) The most common (only?) cause of

Re: [AOLSERVER] Security issue in AOLserver (response injection)

2004-07-16 Thread Dossy
The issue being discussed is the HTTP response injection described in this paper: http://www.sanctuminc.com/pdf/whitepaper_httpresponse.pdf The idea is that there may be ways for user-supplied input to go, unsanitized, into the HTTP response returned from the server. This can be used to

[AOLSERVER] AOLserver 4.0.6 has crashing bug leading to DOS.

2004-07-16 Thread Stephen Deasey
How to reproduce: telnet host 80 GET / HTTP/1.1 I sent an email about this early yesterday well before the release, but didn't get any response. Thanks. -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list, simply send an email to [EMAIL PROTECTED] with

Re: [AOLSERVER] AOLserver 4.0.6 has crashing bug leading to DOS.

2004-07-16 Thread Rob Crittenden
This causes a core dump? rob Stephen Deasey wrote: How to reproduce: telnet host 80 GET / HTTP/1.1 I sent an email about this early yesterday well before the release, but didn't get any response. Thanks.

Re: [AOLSERVER] Security issue in AOLserver (response injection)

2004-07-16 Thread Dossy
I forgot to mention: HTTP responses that are ENTIRELY user-generated (i.e., via ns_write) will NOT be validated with this change. Code which sends responses back via ns_write MUST validate its inputs and ensure that the HTTP response it sends back is valid and conforms to the spec. as necessary.

Re: [AOLSERVER] AOLserver 4.0.6 has crashing bug leading to DOS.

2004-07-16 Thread Stephen Deasey
Line 1110 of driver.c: sockPtr->reqPtr->request->method = BAD; request->method is usually a malloced string, but here it's pointing to static storage. After the request is finished Ns_FreeRequest is called on the request pointer, which then tries to ns_free method. The server aborts at this

Re: [AOLSERVER] Security issue in AOLserver (response injection)

2004-07-16 Thread Stephen Deasey
On Fri, 2004-07-16 at 13:01, Dossy wrote: This also raises the issue that AOLserver currently does NOT accept HTTP requests where header lines are split across multiple lines via header-continuation. With regard to strict compliance to the spec., this is a bug and should be addressed

Re: [AOLSERVER] Security issue in AOLserver (response injection)

2004-07-16 Thread Dossy
On 2004.07.16, Stephen Deasey [EMAIL PROTECTED] wrote: On Fri, 2004-07-16 at 13:01, Dossy wrote: This also raises the issue that AOLserver currently does NOT accept HTTP requests where header lines are split across multiple lines via header-continuation. With regard to strict compliance to