| Anonymous | Login | Signup for a new account | 11-21-2024 10:17 PST |
| Main | My View | View Issues | Change Log | Docs |
| Viewing Issue Simple Details [ Jump to Notes ] | [ View Advanced ] [ Issue History ] [ Print ] | |||||||||||
| ID | Category | Severity | Reproducibility | Date Submitted | Last Update | |||||||
| 0006490 | [Resin] | major | always | 10-04-23 14:05 | 10-30-23 08:18 | |||||||
| Reporter | nam | View Status | public | |||||||||
| Assigned To | ||||||||||||
| Priority | high | Resolution | open | |||||||||
| Status | new | Product Version | 4.0.66 | |||||||||
| Summary | 0006490: reject multiple Content-Length header fields for CVE-2005-2090 | |||||||||||
| Description |
(rep by Mitsuo S.) Resin is not rejecting requests that have: 1. multiple Content-Length headers 2. multiple Transfer-Encoding headers 3. Content-Length with Transfer-Encoding headers As a result, an attacker can smuggle data through to the webapp or a downstream server. Tomcat fixed this issue by rejecting invalid requests outright. The newest HTTP spec tries to be more clear about which requests should be rejected. Tomcat fixes: https://tomcat.apache.org/security-6.html [^] CVE-2005-2090: https://nvd.nist.gov/vuln/detail/CVE-2005-2090 [^] newest HTTP spec: https://www.rfc-editor.org/rfc/rfc9112#name-message-body-length [^] older HTTP spec: https://www.rfc-editor.org/rfc/rfc7230#section-3.3.3 [^] |
|||||||||||
| Additional Information | ||||||||||||
| Attached Files | ||||||||||||
|
|
||||||||||||
 Relationships |
|
| There are no notes attached to this issue. |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 10-04-23 14:05 | nam | New Issue | |
| 10-30-23 08:18 | avni888 | Note Added: 0007304 | |
| 11-14-23 17:40 | ferg | Note Deleted: 0007304 | |
| Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
30 total queries executed. 26 unique queries executed. |  |
