DO NOT REPLY [Bug 51698] New: ajp CPing/Forward-Request packet forgery, is a design decision? or a security vulnerability?
https://issues.apache.org/bugzilla/show_bug.cgi?id=51698

Bug #: 51698
Summary: ajp CPing/Forward-Request packet forgery, is a design decision? or a security vulnerability?
Product: Tomcat 7
Version: 7.0.20
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: normal
Priority: P2
Component: Connectors
AssignedTo: dev@tomcat.apache.org
ReportedBy: zhh200...@gmail.com
Classification: Unclassified

Created attachment 27416
  -- https://issues.apache.org/bugzilla/attachment.cgi?id=27416
ajp CPing packet forgery example

Because the AJP Data packet has no CodeType and Tomcat adopts a lazy-reading strategy for reading the AJP Data packet (i.e., if you don't invoke request.getParameter(XXX), Tomcat doesn't read the POST request Data packet), the current Data packet stays in the socket input stream. The connection is keep-alive; the AJP BIO/NIO processor reads the next packet, which this time is the Data packet.

If the first byte of the Data packet's length is 0x02 (Code Type of the Forward Request packet) or 0x0A (Code Type of the CPing packet), then Tomcat will be in trouble.

Please see the attachments.

First example: ajp CPing packet forgery example
Second example: ajp Forward-Request packet forgery

--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 51698] ajp CPing/Forward-Request packet forgery, is a design decision? or a security vulnerability?
https://issues.apache.org/bugzilla/show_bug.cgi?id=51698

--- Comment #1 from zhh zhh200...@gmail.com 2011-08-20 07:55:51 UTC ---
Created attachment 27417
  -- https://issues.apache.org/bugzilla/attachment.cgi?id=27417
ajp Forward-Request packet forgery

Second example: ajp Forward-Request packet forgery
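The framing ambiguity described in bug 51698, as an added example (not Tomcat code and not the reporter's attachments): an AJP13 body packet carries only a 2-byte chunk length where other packets carry a type code, so a reader that types every packet by its first payload byte mislabels an unread body, while a reader that drains the declared body first does not. The function names are hypothetical, `content_length` is passed in rather than parsed from the Forward Request headers, and the sample stream is constructed.

```python
import struct

MAGIC = b"\x12\x34"                      # web server -> container packet magic
FORWARD_REQUEST, CPING = 0x02, 0x0A      # prefix codes named in the report
NAMES = {FORWARD_REQUEST: "FORWARD_REQUEST", CPING: "CPING"}

def frame(payload):
    """Wrap a payload in the AJP13 server-to-container header."""
    return MAGIC + struct.pack(">H", len(payload)) + payload

def body_packet(chunk):
    """Body packet: 2-byte chunk length + data, with no prefix code."""
    return frame(struct.pack(">H", len(chunk)) + chunk)

def packets(stream):
    """Yield each packet payload from a byte stream."""
    pos = 0
    while pos < len(stream):
        if stream[pos:pos + 2] != MAGIC:
            raise ValueError("bad magic at offset %d" % pos)
        (length,) = struct.unpack(">H", stream[pos + 2:pos + 4])
        yield stream[pos + 4:pos + 4 + length]
        pos += 4 + length

def kind(payload):
    """Type a packet by its first payload byte."""
    return NAMES.get(payload[0], "UNKNOWN") if payload else "EMPTY"

def classify_stateless(stream):
    """No body tracking: an unread body packet is typed like a message."""
    return [kind(p) for p in packets(stream)]

def classify_stateful(stream, content_length):
    """Drain the declared request body before typing the next packet."""
    out, remaining = [], 0
    for p in packets(stream):
        if remaining > 0:
            (chunk_len,) = struct.unpack(">H", p[:2])
            remaining = remaining - chunk_len if 0 < chunk_len <= remaining else 0
            out.append("BODY")
            continue
        out.append(kind(p))
        if out[-1] == "FORWARD_REQUEST":
            remaining = content_length   # assumption: taken from the request headers
    return out

# Constructed sample: a stub Forward Request (header fields replaced by opaque
# bytes), one 512-byte body chunk (length 0x0200), then a CPing.
SAMPLE = frame(b"\x02" + b"stub") + body_packet(b"A" * 0x200) + frame(b"\x0a")
```
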
Re: Votes needed for 5.5.x
I should be back from vacation tomorrow evening so I can start the formal release process Monday! :)

On Aug 16, 2011, at 6:38 AM, Mark Thomas wrote:

> With Jim likely to be rolling a 5.5.x release next week I have been looking at the 5.5.x status file. There are a handful of issues that need a vote (and the odd issue that needs 2) before the patch can be applied.
>
> Currently neither Tomcat 6 nor Tomcat 7 have any open, unpatched bugs at the moment. It would be great if we could say the same for Tomcat 5 - even if that state of affairs is unlikely to last very long ;).
>
> I'm happy to keep an eye on the status file and apply patches as they gather the necessary votes.
>
> Mark
Re: svn commit: r1159673 - in /tomcat/tc7.0.x/trunk: java/org/apache/catalina/core/JreMemoryLeakPreventionListener.java webapps/docs/changelog.xml webapps/docs/config/listeners.xml
Konstantin,

On 8/19/2011 3:11 PM, Konstantin Kolinko wrote:

> Mark cleared the changelog file after creating the branch.
>
> The idea is that
> * work is done on trunk
> * it is merged to tc7.0.x
> * items merged to tc7.0.x go into TC7's changelog file and those that won't be merged go into TC8's changelog.
>
> There is a comment at the top of trunk's changelog.xml:
> (...)
> Until the first Tomcat 8.0.0 release, only changes not back-ported to 7.0.x should be listed here.
> --

Thanks for the clarification. I'll go ahead and forward-port the patch to trunk.

-chris