tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: Where's the fix of CVE-2005-2090?
Date Mon, 28 Jan 2008 20:09:31 GMT
Michal Vyskocil wrote:
> I'm unable to locate a patch to fix the CVE-2005-2090. I cannot found any hint 
> from svn commit log or bugzilla.
> 
> Maybe is this commit
> ------------------------------------------------------------------------
> r513079 | markt | 2007-03-01 01:26:12 +0100 (Čt, 01 bře 2007) | 1 line
> 
> As per RFC2616, requests with multiple content-length headers are invalid.

Yep, that's it.

Mark


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message