Mantis Bugtracker
  

Viewing Issue Advanced Details Jump to Notes ] View Simple ] Issue History ] Print ]
ID Category Severity Reproducibility Date Submitted Last Update
0006490 [Resin] major always 10-04-23 14:05 10-30-23 08:18
Reporter nam View Status public  
Assigned To
Priority high Resolution open Platform
Status new   OS
Projection none   OS Version
ETA none Fixed in Version Product Version 4.0.66
  Product Build
Summary 0006490: reject multiple Content-Length header fields for CVE-2005-2090
Description (rep by Mitsuo S.)

Resin is not rejecting requests that have:

1. multiple Content-Length headers
2. multiple Transfer-Encoding headers
3. Content-Length with Transfer-Encoding headers

As a result, an attacker can smuggle data through to the webapp or a downstream server. Tomcat fixed this issue by rejecting invalid requests outright. The newest HTTP spec tries to be more clear about which requests should be rejected.

Tomcat fixes: https://tomcat.apache.org/security-6.html [^]
CVE-2005-2090: https://nvd.nist.gov/vuln/detail/CVE-2005-2090 [^]

newest HTTP spec: https://www.rfc-editor.org/rfc/rfc9112#name-message-body-length [^]
older HTTP spec: https://www.rfc-editor.org/rfc/rfc7230#section-3.3.3 [^]
Steps To Reproduce
Additional Information
Attached Files

- Relationships

There are no notes attached to this issue.

- Issue History
Date Modified Username Field Change
10-04-23 14:05 nam New Issue
10-30-23 08:18 avni888 Note Added: 0007304
11-14-23 17:40 ferg Note Deleted: 0007304


Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
30 total queries executed.
26 unique queries executed.
Powered by Mantis Bugtracker