You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2017/05/24 13:59:03 UTC
[Bug 61120] New: Tomcat 8.5.15 with HTTP/2: URL path parameters lost
https://bz.apache.org/bugzilla/show_bug.cgi?id=61120
Bug ID: 61120
Summary: Tomcat 8.5.15 with HTTP/2: URL path parameters lost
Product: Tomcat 8
Version: 8.5.15
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Connectors
Assignee: dev@tomcat.apache.org
Reporter: markus.doerschmidt@gmx.de
Target Milestone: ----
When using Tomcat 8.5.15 with HTTP/2 all URL path parameters gets lost.
In some cases, session tracking is done via URL (yes, I know, doing that is bad
;)). Using the HTTP/2 protocol, the URL contains the "jsessionid" parameter,
but Tomcat creates a new session. It seems, the session ID never reaches the
session manager.
I configured a connector using NIO2 in combination with Http2Protocol:
<Connector
port="8444"
protocol="org.apache.coyote.http11.Http11Nio2Protocol"
sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation"
SSLEnabled="true"
scheme="https"
secure="true"
sslProtocol="TLS"
[...]>
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
</Connector>
Using the same connector without <UpgradeProtocol> everything is okay.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 61120] Tomcat 8.5.15 with HTTP/2: URL path parameters lost
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61120
--- Comment #2 from Mark Thomas <ma...@apache.org> ---
This is CVE-2017-7675.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 61120] Tomcat 8.5.15 with HTTP/2: URL path parameters lost
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61120
Markus Dörschmidt <ma...@gmx.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |markus.doerschmidt@gmx.de
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 61120] Tomcat 8.5.15 with HTTP/2: URL path parameters lost
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61120
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|NEW |RESOLVED
--- Comment #1 from Mark Thomas <ma...@apache.org> ---
Thanks for the report.
This has been fixed in:
- 9.0.x for 9.0.0.M22
- 8.5.x for 8.5.16
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 61120] Tomcat 8.5.15 with HTTP/2: URL path parameters lost
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61120
--- Comment #3 from sam zain <om...@gmail.com> ---
This is CVE-2017-7675.
http://www.winmilliongame.com
http://www.gtagame100.com
http://www.subway-game.com
http://www.zumagame100.com
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [Bug 61120] Tomcat 8.5.15 with HTTP/2: URL path parameters lost
Posted by Mark Thomas <ma...@apache.org>.
On 28/04/2020 16:18, bugzilla@apache.org wrote:
> https://bz.apache.org/bugzilla/show_bug.cgi?id=61120
>
> --- Comment #3 from Chuan Hing <la...@gmail.com> ---
I have locked this idiot's account and deleted the comment.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 61120] Tomcat 8.5.15 with HTTP/2: URL path parameters lost
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61120
--- Comment #3 from Chuan Hing <la...@gmail.com> ---
Our labeling equipment manufacturer features horizontal and vertical
adjustments for allowing reliable and quick label replacement. The operates on
nearly every type of packaging. However, our labelers are ideal for
pharmaceutical, retail food, beverage, and confectionery industries. For more
visit: https://www.labelrex.com/product/sticker-labeling-machine/
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org