Mantis - Resin

Viewing Issue Advanced Details

| ID | Category | Severity | Reproducibility | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 6490 | | major | always | 10-04-23 14:05 | 10-30-23 08:18 |

| Field | Value | Field | Value |
|---|---|---|---|
| Reporter: | nam | Platform: | |
| Assigned To: | | OS: | |
| Priority: | high | OS Version: | |
| Status: | new | Product Version: | 4.0.66 |
| Product Build: | | Resolution: | open |
| Projection: | none | | |
| ETA: | none | Fixed in Version: | |

| Field | Value |
|---|---|
| Summary: | 0006490: reject multiple Content-Length header fields for CVE-2005-2090 |

Description:

(rep by Mitsuo S.) Resin is not rejecting requests that have:

1. multiple Content-Length headers
2. multiple Transfer-Encoding headers
3. Content-Length with Transfer-Encoding headers

As a result, an attacker can smuggle data through to the webapp or a downstream server. Tomcat fixed this issue by rejecting invalid requests outright. The newest HTTP spec tries to be more clear about which requests should be rejected.

- Tomcat fixes: https://tomcat.apache.org/security-6.html
- CVE-2005-2090: https://nvd.nist.gov/vuln/detail/CVE-2005-2090
- newest HTTP spec: https://www.rfc-editor.org/rfc/rfc9112#name-message-body-length
- older HTTP spec: https://www.rfc-editor.org/rfc/rfc7230#section-3.3.3

| Field | Value |
|---|---|
| Steps To Reproduce: | |
| Additional Information: | |
| Relationships | |
| Attached Files: | |

There are no notes attached to this issue.
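A strict framing check of the kind the report asks for, as an added example (Python, not Resin's or Tomcat's code): it rejects the three header combinations listed in the description outright, as the Tomcat fix does, and additionally rejects a malformed or non-numeric Content-Length and a Transfer-Encoding whose final coding is not chunked (RFC 9112). The sample requests are constructed for this example.

```python
import re

CL, TE = "content-length", "transfer-encoding"

def parse_headers(raw: bytes) -> list[tuple[str, str]]:
    """Split a raw request head into (lowercased name, value) pairs, keeping
    duplicates so the framing check can see them. Whitespace before the
    colon is rejected (RFC 9112 section 5.1)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = []
    for line in head.split("\r\n")[1:]:  # [0] is the request line
        name, sep, value = line.partition(":")
        if not sep or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers.append((name.lower(), value.strip()))
    return headers

def check_framing(headers: list[tuple[str, str]]) -> tuple[bool, str]:
    """Return (accepted, reason). Strict policy from the report (Tomcat's
    fix): the three ambiguous combinations are rejected outright rather than
    resolved by precedence, so no two parsers can disagree on body length."""
    cls = [v for n, v in headers if n == CL]
    tes = [v for n, v in headers if n == TE]
    if len(cls) > 1:
        return False, "multiple Content-Length header fields"
    if len(tes) > 1:
        return False, "multiple Transfer-Encoding header fields"
    if cls and tes:
        return False, "Content-Length together with Transfer-Encoding"
    if cls and not re.fullmatch(r"[0-9]+", cls[0]):  # also catches "4, 4"
        return False, f"invalid Content-Length value {cls[0]!r}"
    if tes and tes[0].split(",")[-1].strip().lower() != "chunked":
        return False, "Transfer-Encoding without chunked as the final coding"
    return True, "ok"

def check_request(raw: bytes) -> tuple[bool, str]:
    """Parse and check one raw request; malformed heads are rejected too."""
    try:
        return check_framing(parse_headers(raw))
    except ValueError as exc:
        return False, str(exc)

# Constructed samples (not from the report): one well-formed request and the
# three header combinations the report says Resin currently accepts.
HEAD = b"POST /app HTTP/1.1\r\nHost: example.test\r\n"
GOOD = HEAD + b"Content-Length: 5\r\n\r\nhello"
DUP_CL = HEAD + b"Content-Length: 5\r\nContent-Length: 6\r\n\r\nhello"
DUP_TE = HEAD + b"Transfer-Encoding: chunked\r\nTransfer-Encoding: chunked\r\n\r\n"
CL_TE = HEAD + b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n"
```

Each rejection reason maps to a 400 response; a server that instead resolves the ambiguity by precedence can still disagree with a proxy in front of it, which is the condition the report describes.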