CVE-2014-0097 Information Disclosure
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- Apache Tomcat 8.0.0-RC1 to 8.0.3
- Apache Tomcat 7.0.0 to 7.0.52
- Apache Tomcat 6.0.0 to 6.0.39
Description:
The code used to parse the request content length header did not
Mark Thomas wrote:
CVE-2014-0097 Information Disclosure
...
Description:
The code used to parse the request content length header did not check
for overflow in the result. This exposed a request smuggling
vulnerability when Tomcat was located behind a reverse proxy that
correctly processed
Hi André,
-Original Message-
From: André Warnier [mailto:a...@ice-sa.com]
Sent: Tuesday, May 27, 2014 3:06 PM
Mark Thomas wrote:
CVE-2014-0097 Information Disclosure
...
Description:
The code used to parse the request content length header did not check
for overflow
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Konstantin,
On 5/27/14, 10:12 AM, Konstantin Preißer wrote:
Hi André,
-Original Message- From: André Warnier
[mailto:a...@ice-sa.com] Sent: Tuesday, May 27, 2014 3:06 PM
Mark Thomas wrote:
CVE-2014-0097 Information Disclosure
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
All,
On 5/27/14, 8:46 AM, Mark Thomas wrote:
CVE-2014-0097 Information Disclosure
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: - Apache Tomcat 8.0.0-RC1 to 8.0.3 - Apache
Tomcat 7.0.0 to 7.0.52 - Apache