tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michal Vyskocil <mvysko...@suse.cz>
Subject Re: Where's the fix of CVE-2005-2090?
Date Tue, 29 Jan 2008 08:48:38 GMT
On Monday 28 January 2008 21:09:31 Mark Thomas wrote:
> Michal Vyskocil wrote:
> > I'm unable to locate a patch to fix the CVE-2005-2090. I cannot found any
> > hint from svn commit log or bugzilla.
> >
> > Maybe is this commit
> > ------------------------------------------------------------------------
> > r513079 | markt | 2007-03-01 01:26:12 +0100 (Čt, 01 bře 2007) | 1 line
> >
> > As per RFC2616, requests with multiple content-length headers are
> > invalid.
>
> Yep, that's it.
>
> Mark

Thanks for your help, Mark.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message