Posted to dev@tomcat.apache.org by ka...@accenture.com on 2013/10/30 05:09:02 UTC

Apache Tomcat invalid Transfer-Encoding header request that prevents buffer recycling

Hi Team,

As per our security team we need to install the below patches on multiple servers to remove vulnerabilities.

Below is the information we have received from our security team. Need your support to have a detailed impact analysis on the compatibility of the below patches.

Apache Tomcat is a container for Java Servlet and Java Server Pages Web applications. Multiple vulnerabilities present in some versions of Apache Tomcat could lead to denial of service.
Multiple flaws are present in Tomcat, which fails to handle invalid Transfer-Encoding header request that prevents buffer recycling. Successful exploitation could allow an attacker to gain sensitive information or cause a denial of service condition on the affected system.

http://svn.apache.org/viewvc?view=revision&revision=958911
http://svn.apache.org/viewvc?view=revision&revision=958977
http://svn.apache.org/viewvc?view=revision&revision=959428
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03298151
http://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2012-05-584&actionBtn=Search

Regards
Kanishk Sethi


Re: Apache Tomcat invalid Transfer-Encoding header request that prevents buffer recycling

Posted by Mark Thomas <ma...@apache.org>.
On 30/10/2013 04:09, kanishk.sethi@accenture.com wrote:
> Hi Team,
> 
> As per our security team we need to install the below patches on
> multiple servers to remove vulnerabilities.

This is a question for the users list, not the dev list.

You should read this:
http://www.catb.org/esr/faqs/smart-questions.html

before you post your question to the users list.

Mark


> Below is the information we have received from our security team.
> Need your support to have a detailed impact analysis on the
> compatibility of the below patches.
> 
> Apache Tomcat is a container for Java Servlet and Java Server Pages
> Web applications. Multiple vulnerabilities present in some versions
> of Apache Tomcat could lead to denial of service. Multiple flaws are
> present in Tomcat, which fails to handle invalid Transfer-Encoding
> header request that prevents buffer recycling. Successful
> exploitation could allow an attacker to gain sensitive information or
> cause a denial of service condition on the affected system.
> 
> http://svn.apache.org/viewvc?view=revision&revision=958911 
> http://svn.apache.org/viewvc?view=revision&revision=958977 
> http://svn.apache.org/viewvc?view=revision&revision=959428 
> http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03298151
> http://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2012-05-584&actionBtn=Search
> 
> Regards Kanishk Sethi