tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: [SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited
Date Tue, 27 Aug 2013 08:22:17 GMT
wastasy wrote:
> Hi everyone,
> I am testing an Apache Tomcat server 6.0.36 on Ubuntu Linux
> I would like to reproduce  CVE-2012-3544 Denial of Service Vulnerability 
> with Apache Tomcat 6.0.36
> I tried to send a request using chunked transfer encoding  with a web 
> proxy (Burp proxy) but I think I am making a mistake...
> How can I reproduce the bug?
> How can I send a request using chunked transfer encoding? Can you help 
> me please?
Sending a HTTP request with chunked encoding is a decision of the HTTP client, not of the

server.  So you need to find a client (and a payload) that will result in such an encoding

being used.

Helping someone to crash servers which have maybe not been updated yet to the latest 
version is probably not something that a lot of us here like to be doing with their time.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message