https://bz.apache.org/bugzilla/show_bug.cgi?id=63578
Bug ID: 63578
Summary: o.a.coyote.http11.Http11Processor.prepareRequest: various inputs triggering 500 response code
Product: Tomcat 9
Version: 9.0.22
Hardware: Macintosh
Status: NEW
Severity: minor
Priority: P2
Component: Connectors
Assignee: dev@tomcat.apache.org
Reporter: a...@forallsecure.com
Target Milestone: -----

Created attachment 36672
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=36672&action=edit
Inputs triggering 500 responses.

Http11Processor.prepareRequest generates 500 responses instead of 400 on various inputs:

- Invalid Expect and Transfer-encoding headers can lead to a NullPtrException
- Invalid Content-length headers can lead to an InvalidArgumentException and a NumberFormatException
- Large numbers of headers and/or cookies can lead to an IllegalStateException or an InvalidArgumentException

I'm attaching the inputs that resulted in 500 responses. You can replay them with `cat <exception>.request | nc localhost 8080`, assuming tomcat listens on 8080. The responses are attached in the respective `<exception>.response` file. The responses include the stacktraces that led to the 500.

I'm running tomcat from source after compiling it with ant. Version is 'Apache Tomcat/9.0.22-dev', and commit is ed26bdbaf639a17c02a1e864d2c0553ed3f95971 from Jul 22.
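A regression-check helper for the replay step described in the report, added here as an example (it is not part of the bug report or of Tomcat). The function names and both sample responses are constructed, and it assumes that a malformed request should be answered with a 4xx status and no Java stack trace in the body.

```python
import re
import socket
import sys
from pathlib import Path

STATUS_LINE = re.compile(rb"^HTTP/1\.[01] (\d{3})\b")
# One Java stack frame, e.g. pkg.Class.method(Class.java:123)
STACK_FRAME = re.compile(rb"[\w$.<>]+\([\w$]+\.java:\d+\)")

# Constructed sample responses (not taken from the attachment).
SAMPLE_500 = (b"HTTP/1.1 500 \r\nConnection: close\r\n\r\n"
              b"java.lang.NumberFormatException\n\tat org.apache.coyote."
              b"http11.Http11Processor.prepareRequest(Http11Processor.java:0)\n")
SAMPLE_400 = b"HTTP/1.1 400 \r\nConnection: close\r\n\r\nBad Request\n"

def replay(request_file, host="localhost", port=8080, timeout=5.0):
    """Send a saved raw request, as `cat file | nc host port` does."""
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(Path(request_file).read_bytes())
        try:
            while chunk := sock.recv(65536):
                chunks.append(chunk)
        except socket.timeout:
            pass  # server kept the connection open; use what arrived
    return b"".join(chunks)

def classify(raw):
    """Return (status, leaks_trace, verdict) for a response to a malformed
    request: only a 4xx without a stack trace counts as "ok"."""
    match = STATUS_LINE.match(raw)
    status = int(match.group(1)) if match else None
    leaks_trace = bool(STACK_FRAME.search(raw))
    if status is None:
        verdict = "no-response"
    elif 400 <= status < 500 and not leaks_trace:
        verdict = "ok"
    else:
        verdict = "fail"
    return status, leaks_trace, verdict

if __name__ == "__main__":
    print("sample 500:", classify(SAMPLE_500))
    print("sample 400:", classify(SAMPLE_400))
    for name in sys.argv[1:]:  # .response: classify as saved; else replay
        raw = (Path(name).read_bytes() if name.endswith(".response")
               else replay(name))
        print(name, classify(raw))
```

Passing saved `.response` files classifies them offline; any other path is replayed against `localhost:8080`, so it can be rerun after a fix to confirm each input now yields a 400.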