| Anonymous | Login | Signup for a new account | 04-25-2024 10:22 PDT |
| Main | My View | View Issues | Change Log | Docs |
| Viewing Issue Advanced Details [ Jump to Notes ] | [ View Simple ] [ Issue History ] [ Print ] | ||||||||
| ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||||
| 0004744 | [Resin] | minor | always | 09-01-11 13:31 | 09-06-11 13:42 | ||||
| Reporter | cowan | View Status | public | ||||||
| Assigned To | |||||||||
| Priority | normal | Resolution | fixed | Platform | |||||
| Status | closed | OS | |||||||
| Projection | none | OS Version | |||||||
| ETA | none | Fixed in Version | 4.0.23 | Product Version | |||||
| Product Build | |||||||||
| Summary | 0004744: Range header handling | ||||||||
| Description |
CVE-2011-3192 http://seclists.org/fulldisclosure/2011/Aug/175 [^] And the relevant Apache advisory: https://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3C20110824161640.122D387DD@minotaur.apache.org%3E [^] |
||||||||
| Steps To Reproduce | |||||||||
| Additional Information | Rep by R. Madej | ||||||||
| Attached Files | |||||||||
|
|
|||||||||
 Relationships |
|
|
Notes |
|
|
(0005491) ferg 09-06-11 13:42 |
The exact Apache resource issue doesn't apply to Resin, but added Range limit checking to the file servlet and caching to avoid possibility of extending a large file to a larger file. |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 09-01-11 13:31 | cowan | New Issue | |
| 09-06-11 13:42 | ferg | Note Added: 0005491 | |
| 09-06-11 13:42 | ferg | Status | new => closed |
| 09-06-11 13:42 | ferg | Resolution | open => fixed |
| 09-06-11 13:42 | ferg | Fixed in Version | => 4.0.23 |
| Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
29 total queries executed. 26 unique queries executed. |  |
