CORRECTION: This is CVE-2014-0099 *NOT* -0097
Apologies for the typo
On 27/05/2014 13:46, Mark Thomas wrote:
CVE-2014-0099 Information Disclosure
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- Apache Tomcat 8.0.0-RC1 to 8.0.3
- Apache
On 27/05/2014 14:05, André Warnier wrote:
Mark Thomas wrote:
CVE-2014-0099 Information Disclosure
...
Description:
The code used to parse the request content length header did not check
for overflow in the result. This exposed a request smuggling
vulnerability when Tomcat was located
Mark Thomas wrote:
On 27/05/2014 14:05, André Warnier wrote:
Mark Thomas wrote:
CVE-2014-0099 Information Disclosure
...
Description:
The code used to parse the request content length header did not check
for overflow in the result. This exposed a request smuggling
vulnerability when
On 27/05/2014 15:12, Konstantin Preißer wrote:
Hi André,
-Original Message-
From: André Warnier [mailto:a...@ice-sa.com]
Sent: Tuesday, May 27, 2014 3:06 PM
Mark Thomas wrote:
CVE-2014-0099 Information Disclosure
...
Description:
The code used to parse the request content
Hi Mark,
-Original Message-
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Tuesday, May 27, 2014 4:33 PM
snip
Yes, you need to have a content-length above Long.MAX_VALUE for
problems
to occur. That would be unusual to say the least for most (all?)
applications in normal usage
Mark Thomas wrote:
On 27/05/2014 15:12, Konstantin Preißer wrote:
Hi André,
-Original Message-
From: André Warnier [mailto:a...@ice-sa.com]
Sent: Tuesday, May 27, 2014 3:06 PM
Mark Thomas wrote:
CVE-2014-0099 Information Disclosure
...
Description:
The code used to parse the
André,
On 5/27/14, 10:03 AM, André Warnier wrote:
Mark Thomas wrote:
On 27/05/2014 14:05, André Warnier wrote:
Mark Thomas wrote:
CVE-2014-0099 Information Disclosure
...
Description: The code used to parse the request content
length
Mark,
On 5/27/14, 10:32 AM, Mark Thomas wrote:
On 27/05/2014 15:12, Konstantin Preißer wrote:
Hi André,
-Original Message- From: André Warnier
[mailto:a...@ice-sa.com] Sent: Tuesday, May 27, 2014 3:06 PM
Mark Thomas wrote:
On 27/05/2014 19:24, Christopher Schultz wrote:
André,
On 5/27/14, 10:03 AM, André Warnier wrote:
Mark Thomas wrote:
On 27/05/2014 14:05, André Warnier wrote:
Mark Thomas wrote:
CVE-2014-0099 Information Disclosure
...
Description: The code used to parse the request content
length
Mark,
On 5/27/14, 3:04 PM, Mark Thomas wrote:
On 27/05/2014 19:24, Christopher Schultz wrote:
André,
On 5/27/14, 10:03 AM, André Warnier wrote:
Mark Thomas wrote:
On 27/05/2014 14:05, André Warnier wrote:
Mark Thomas wrote:
CVE-2014-0099
Mark Thomas wrote:
On 27/05/2014 19:24, Christopher Schultz wrote:
André,
On 5/27/14, 10:03 AM, André Warnier wrote:
Mark Thomas wrote:
On 27/05/2014 14:05, André Warnier wrote:
Mark Thomas wrote:
CVE-2014-0099 Information Disclosure
...
Description: The code used to parse the request
11 matches