tomcat-users mailing list archives

From "小咸鱼" <>
Subject How can I analog this bug to my colleague
Date Fri, 22 Aug 2014 02:31:02 GMT
I read an article on the internet that says that Tomcat was found to accept content-length
headers with chunked encoding over any HTTP connector and multiple content-length headers
in a request when using the AJP connector. This could allow attackers to poison a web-cache,
bypass web application firewall protection, or conduct cross-site scripting attacks. The
article is    so I want to know
how I can produce this bug again to show the processor of the bug to my
colleague. What should I do to produce the bug again? I am looking forward
to your reply!!! Thanks a lot.
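The two header patterns named in the message above can be recognised before a request reaches the application, for instance in a proxy or log-review script. The following is an added example, not part of the original message and not Tomcat code; the function names, issue labels and sample requests are constructed for illustration.

```python
# Added example: flag the two ambiguous body-framing patterns named in the message.
# All requests below are constructed samples, not captured traffic.

def parse_headers(raw: bytes) -> list[tuple[str, str]]:
    """Return (lower-cased name, stripped value) pairs from a raw HTTP/1.x request head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    pairs = []
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep:                                  # ignore lines that are not "name: value"
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def framing_issues(raw: bytes) -> list[str]:
    """List the framing problems found in one request (empty list means none)."""
    headers = parse_headers(raw)
    # A comma-separated list inside one Content-Length header counts as several values.
    lengths = [part.strip() for name, value in headers
               if name == "content-length" for part in value.split(",")]
    codings = [part.strip().lower() for name, value in headers
               if name == "transfer-encoding" for part in value.split(",")]
    issues = []
    if "chunked" in codings and lengths:
        issues.append("content-length-with-chunked")
    if len(lengths) > 1:
        issues.append("multiple-content-length")
    return issues


# Constructed sample requests.
CLEAN = b"POST /app HTTP/1.1\r\nHost: example.test\r\nContent-Length: 5\r\n\r\nhello"
CL_AND_CHUNKED = (b"POST /app HTTP/1.1\r\nHost: example.test\r\n"
                  b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n"
                  b"5\r\nhello\r\n0\r\n\r\n")
DUPLICATE_CL = (b"POST /app HTTP/1.1\r\nHost: example.test\r\n"
                b"Content-Length: 5\r\nContent-Length: 11\r\n\r\nhello")

if __name__ == "__main__":
    for label, request in [("clean", CLEAN),
                           ("content-length + chunked", CL_AND_CHUNKED),
                           ("duplicate content-length", DUPLICATE_CL)]:
        print(label, "->", framing_issues(request) or "ok")
```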