tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ken Johanson <tomcat-u...@kensystem.com>
Subject Bug?: tomcat does not log reqs without c-length or transfer-encoding
Date Fri, 13 Feb 2009 05:28:43 GMT
Hi,

I noticed that requests (POST in the case) that are missing both the 
Content-Length and also Transfer-encoding, are not logged (as invalid) 
in Tomcat/6.0.18. Seems potential for stealth mis-use (DoS etc).

I'm not sure of this is core or 
org.apache.catalina.valves.AccessLogValve (would appear to be a 
org/apache/coyote/http11/ Processor?)

Regards,

ken



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message