Anonymous | Login | Signup for a new account | 11-21-2024 15:49 PST |
Main | My View | View Issues | Change Log | Docs |
Viewing Issue Advanced Details [ Jump to Notes ] | [ View Simple ] [ Issue History ] [ Print ] | |||||||||||
ID | Category | Severity | Reproducibility | Date Submitted | Last Update | |||||||
0006490 | [Resin] | major | always | 10-04-23 14:05 | 10-30-23 08:18 | |||||||
Reporter | nam | View Status | public | |||||||||
Assigned To | ||||||||||||
Priority | high | Resolution | open | Platform | ||||||||
Status | new | OS | ||||||||||
Projection | none | OS Version | ||||||||||
ETA | none | Fixed in Version | Product Version | 4.0.66 | ||||||||
Product Build | ||||||||||||
Summary | 0006490: reject multiple Content-Length header fields for CVE-2005-2090 | |||||||||||
Description |
(rep by Mitsuo S.) Resin is not rejecting requests that have: 1. multiple Content-Length headers 2. multiple Transfer-Encoding headers 3. Content-Length with Transfer-Encoding headers As a result, an attacker can smuggle data through to the webapp or a downstream server. Tomcat fixed this issue by rejecting invalid requests outright. The newest HTTP spec tries to be more clear about which requests should be rejected. Tomcat fixes: https://tomcat.apache.org/security-6.html [^] CVE-2005-2090: https://nvd.nist.gov/vuln/detail/CVE-2005-2090 [^] newest HTTP spec: https://www.rfc-editor.org/rfc/rfc9112#name-message-body-length [^] older HTTP spec: https://www.rfc-editor.org/rfc/rfc7230#section-3.3.3 [^] |
|||||||||||
Steps To Reproduce | ||||||||||||
Additional Information | ||||||||||||
Attached Files | ||||||||||||
|
There are no notes attached to this issue. |
Issue History | |||
Date Modified | Username | Field | Change |
10-04-23 14:05 | nam | New Issue | |
10-30-23 08:18 | avni888 | Note Added: 0007304 | |
11-14-23 17:40 | ferg | Note Deleted: 0007304 |
Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
30 total queries executed. 26 unique queries executed. |