tomcat-dev mailing list archives

Subject DO NOT REPLY [Bug 51828] Tomcat vulnerable to CVE-2011-3192 denial of service
Date Thu, 15 Sep 2011 15:52:39 GMT

William A. Rowe Jr. <> changed:

           What    |Removed                     |Added
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID

--- Comment #2 from William A. Rowe Jr. <> 2011-09-15 15:52:39 UTC ---
According to that page, Tim Funk answers correctly, quoting him...

"It's not a vulnerability. Read the Default servlet code. It loads the resource
once. It also reads all the range offsets. Then it iterates through all the
offsets serving the content based on the original resource. Which is DIFFERENT
as to how apache httpd did it. So it will not trigger an OOM exception."

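The serving pattern described in the quoted comment, as an added sketch that is not part of the original message and is not Tomcat's DefaultServlet source: the resource is opened once, the Range header is reduced to a list of offsets, and each range is streamed through one fixed buffer, so memory use does not grow with the number of ranges. The class and method names, the simplified parser, and the sample header and file are constructed for illustration; it assumes Java 16 or later.

```java
import java.io.*;
import java.nio.file.*;
import java.util.*;

public class RangeStreamDemo {
    // Offsets only: a parsed range costs two longs, never a copy of the content.
    record Range(long start, long end) {}

    // Simplified parser (assumption): accepts "a-b" and "a-"; suffix specs ("-n") are skipped.
    static List<Range> parse(String header, long length) {
        List<Range> ranges = new ArrayList<>();
        if (!header.startsWith("bytes=")) return ranges;
        try {
            for (String spec : header.substring(6).split(",")) {
                String[] p = spec.trim().split("-", -1);
                if (p.length != 2 || p[0].isEmpty()) continue;
                long start = Long.parseLong(p[0]);
                long end = p[1].isEmpty() ? length - 1 : Math.min(Long.parseLong(p[1]), length - 1);
                if (start <= end) ranges.add(new Range(start, end));
            }
        } catch (NumberFormatException e) { return List.of(); } // malformed: caller rejects the request
        return ranges;
    }

    // Stream one range from the already-open resource through the shared fixed-size buffer.
    static long copyRange(RandomAccessFile res, Range r, OutputStream out, byte[] buf) throws IOException {
        res.seek(r.start());
        long left = r.end() - r.start() + 1, sent = 0;
        while (left > 0) {
            int n = res.read(buf, 0, (int) Math.min(buf.length, left));
            if (n < 0) break;                                   // resource shorter than expected
            out.write(buf, 0, n);
            left -= n; sent += n;
        }
        return sent;
    }

    public static void main(String[] args) throws IOException {
        Path file = Files.createTempFile("resource", ".bin");   // constructed 64 KiB sample resource
        Files.write(file, new byte[64 * 1024]);
        String header = "bytes=0-99,50-149,100-,0-";            // constructed sample header
        byte[] buf = new byte[2048];                            // the only content buffer allocated
        OutputStream out = OutputStream.nullOutputStream();     // stands in for the response stream
        try (RandomAccessFile res = new RandomAccessFile(file.toFile(), "r")) { // loaded once
            for (Range r : parse(header, res.length()))
                System.out.printf("range %d-%d -> %d bytes%n", r.start(), r.end(), copyRange(res, r, out, buf));
        }
        Files.delete(file);
    }
}
```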