You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Rainer Jung <ra...@kippdata.de> on 2019/08/29 07:47:50 UTC
Malicious bugzilla attachment? [Was: [Bug 63695] session_cookie
attribute does not work?]
I don't know whether this attachment is just broken or some kind of
attack. We might want to delete it if possible.
It has suffix .pptx but neither Ooo, nor LibreOffice or Powerpoint show
correct content. The file starts with a magic header "NASCA DRM FILE -
VER1.00".
Regards,
Rainer
Am 29.08.2019 um 09:23 schrieb bugzilla@apache.org:
> https://bz.apache.org/bugzilla/show_bug.cgi?id=63695
>
> --- Comment #3 from kimc.log@gmail.com ---
> Created attachment 36741
> --> https://bz.apache.org/bugzilla/attachment.cgi?id=36741&action=edit
> jk_lb_worker.c modification
>
> Showing how I modified the source code
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: Malicious bugzilla attachment? [Was: [Bug 63695] session_cookie attribute does not work?]
Posted by Mark Thomas <ma...@apache.org>.
On August 29, 2019 8:52:57 AM UTC, Rainer Jung <ra...@kippdata.de> wrote:
>Am 29.08.2019 um 09:55 schrieb Mark Thomas:
>> That looks suspicious on multiple levels.
>>
>> I'll block the user account and delete the attachment. I'm also
>tempted
>> to resolve the issue as invalid. Any objections?
>
>Thanks for taking actions. I have replied in the ticket, because I
>think
>it's a misconfiguration. I would give the user a chance to report back,
>
>because apart from the broken attachment he provided reasonable info,
>so
>I think the ticket is not fake. If it turns out to be a
>misconfiguration, then of course it is invalid. If we would have
>responded sooner as we did now, we would have pointed him to the users
>list. But since he actually tried to dig into it, I would find it more
>friendly to give him a final chance to check my hint how to fix the
>config.
Ack. I'll need to unblock the account. Should be done is 5 to 10 mins.
Mark
>Regards,
>
>Rainer
>
>> Mark
>>
>>
>> On 29/08/2019 10:47, Rainer Jung wrote:
>>> I don't know whether this attachment is just broken or some kind of
>>> attack. We might want to delete it if possible.
>>>
>>> It has suffix .pptx but neither Ooo, nor LibreOffice or Powerpoint
>show
>>> correct content. The file starts with a magic header "NASCA DRM FILE
>-
>>> VER1.00".
>>>
>>> Regards,
>>>
>>> Rainer
>>>
>>> Am 29.08.2019 um 09:23 schrieb bugzilla@apache.org:
>>>> https://bz.apache.org/bugzilla/show_bug.cgi?id=63695
>>>>
>>>> --- Comment #3 from kimc.log@gmail.com ---
>>>> Created attachment 36741
>>>> -->
>https://bz.apache.org/bugzilla/attachment.cgi?id=36741&action=edit
>>>> jk_lb_worker.c modification
>>>>
>>>> Showing how I modified the source code
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
>For additional commands, e-mail: dev-help@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: Malicious bugzilla attachment? [Was: [Bug 63695] session_cookie
attribute does not work?]
Posted by Rainer Jung <ra...@kippdata.de>.
Am 29.08.2019 um 09:55 schrieb Mark Thomas:
> That looks suspicious on multiple levels.
>
> I'll block the user account and delete the attachment. I'm also tempted
> to resolve the issue as invalid. Any objections?
Thanks for taking actions. I have replied in the ticket, because I think
it's a misconfiguration. I would give the user a chance to report back,
because apart from the broken attachment he provided reasonable info, so
I think the ticket is not fake. If it turns out to be a
misconfiguration, then of course it is invalid. If we would have
responded sooner as we did now, we would have pointed him to the users
list. But since he actually tried to dig into it, I would find it more
friendly to give him a final chance to check my hint how to fix the config.
Regards,
Rainer
> Mark
>
>
> On 29/08/2019 10:47, Rainer Jung wrote:
>> I don't know whether this attachment is just broken or some kind of
>> attack. We might want to delete it if possible.
>>
>> It has suffix .pptx but neither Ooo, nor LibreOffice or Powerpoint show
>> correct content. The file starts with a magic header "NASCA DRM FILE -
>> VER1.00".
>>
>> Regards,
>>
>> Rainer
>>
>> Am 29.08.2019 um 09:23 schrieb bugzilla@apache.org:
>>> https://bz.apache.org/bugzilla/show_bug.cgi?id=63695
>>>
>>> --- Comment #3 from kimc.log@gmail.com ---
>>> Created attachment 36741
>>> --> https://bz.apache.org/bugzilla/attachment.cgi?id=36741&action=edit
>>> jk_lb_worker.c modification
>>>
>>> Showing how I modified the source code
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: Malicious bugzilla attachment? [Was: [Bug 63695] session_cookie
attribute does not work?]
Posted by Mark Thomas <ma...@apache.org>.
That looks suspicious on multiple levels.
I'll block the user account and delete the attachment. I'm also tempted
to resolve the issue as invalid. Any objections?
Mark
On 29/08/2019 10:47, Rainer Jung wrote:
> I don't know whether this attachment is just broken or some kind of
> attack. We might want to delete it if possible.
>
> It has suffix .pptx but neither Ooo, nor LibreOffice or Powerpoint show
> correct content. The file starts with a magic header "NASCA DRM FILE -
> VER1.00".
>
> Regards,
>
> Rainer
>
> Am 29.08.2019 um 09:23 schrieb bugzilla@apache.org:
>> https://bz.apache.org/bugzilla/show_bug.cgi?id=63695
>>
>> --- Comment #3 from kimc.log@gmail.com ---
>> Created attachment 36741
>> --> https://bz.apache.org/bugzilla/attachment.cgi?id=36741&action=edit
>> jk_lb_worker.c modification
>>
>> Showing how I modified the source code
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org