You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2003/12/04 10:52:35 UTC
DO NOT REPLY [Bug 25193] New: -
Wrong Content-Length in POST could cause information leakage / misbehaviour
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25193>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25193
Wrong Content-Length in POST could cause information leakage / misbehaviour
Summary: Wrong Content-Length in POST could cause information
leakage / misbehaviour
Product: Tomcat 5
Version: 5.0.16
Platform: PC
OS/Version: Linux
Status: NEW
Severity: Major
Priority: Other
Component: Tester
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: christian.hufgard@gmx.de
Hi, since we had some strange behaviour according to some parts of our software,
we found something in Tomcat 4.1.18, 4.2.25 and 5.0.16 (guess so, also on lot of
other versions..)
If a POST-request sends a wrong Content-length (too large), Tomcat does not send
a HTTP 400 Code but continues to process the request. This is no really problem
so far, since all parameters whith the POST-request are still read in a correct
matter.
But if the client cuts the connection (presses the abort-button, goes offline,
anyway..) Tomcat uses data from previous request to get the given
content-length. (Seems the buffer is not cleared correctly). This could lead to
some critical information leakage on client side, if paramters are bounced back
to client (e.g. preview-functions in guestbooks, forums, ...) and can also some
really strange behaviour if you use this information to generate and send an
email. So content from other "mails" is taken and filled into a new mail.
Is there any workaround known?
Greetz
Christian
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org