This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 7088a007d0 Add a unit test for CVE-2025-53506
7088a007d0 is described below
commit 7088a007d05fbf160c355cbad9c2e0b857b20794
Author: Mark Thomas <[email protected]>
AuthorDate: Wed Sep 10 14:46:50 2025 +0100
Add a unit test for CVE-2025-53506
This is the first of what will hopefully be many.
---
test/org/apache/coyote/http2/Http2TestBase.java | 2 +-
.../tomcat/security/TestSecurity2025Http2.java | 62 ++++++++++++++++++++++
2 files changed, 63 insertions(+), 1 deletion(-)
diff --git a/test/org/apache/coyote/http2/Http2TestBase.java
b/test/org/apache/coyote/http2/Http2TestBase.java
index c900f00bf9..f37621211c 100644
--- a/test/org/apache/coyote/http2/Http2TestBase.java
+++ b/test/org/apache/coyote/http2/Http2TestBase.java
@@ -804,7 +804,7 @@ public abstract class Http2TestBase extends TomcatBaseTest {
}
- void sendClientPreface() throws IOException {
+ protected void sendClientPreface() throws IOException {
os.write(Http2Parser.CLIENT_PREFACE_START);
os.write(EMPTY_SETTINGS_FRAME);
os.flush();
diff --git a/test/org/apache/tomcat/security/TestSecurity2025Http2.java
b/test/org/apache/tomcat/security/TestSecurity2025Http2.java
new file mode 100644
index 0000000000..bd5ec1c1c1
--- /dev/null
+++ b/test/org/apache/tomcat/security/TestSecurity2025Http2.java
@@ -0,0 +1,62 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomcat.security;
+
+import java.io.IOException;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+import org.apache.coyote.http2.Http2TestBase;
+
+public class TestSecurity2025Http2 extends Http2TestBase {
+
+ /*
+ * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53506
+ *
+ * Fixed in
+ * 11.0.9
https://github.com/apache/tomcat/commit/be8f330f83ceddaf3baeed57522e571572b6b99b
+ * 10.1.43
https://github.com/apache/tomcat/commit/2aa6261276ebe50b99276953591e3a2be7898bdb
+ * 9.0.107
https://github.com/apache/tomcat/commit/434772930f362145516dd60681134e7f0cf8115b
+ */
+ @Test
+ public void testCVE_2025_53506() throws Exception {
+ enableHttp2(100);
+ configureAndStartWebApplication();
+ openClientConnection(false, false);
+ doHttpUpgrade();
+ sendClientPreface();
+ validateHttp2InitialResponse(100);
+
+ int streamId = 3;
+ Throwable t = null;
+ try {
+ /*
+ * Note: The client will create streams and send requests faster
than Tomcat can process them so the
+ * concurrent stream count will be well above 100 by the time the
client sees the exception. However,
+ * Tomcat will only have processed the first 100.
+ */
+ while (true) {
+ sendSimpleGetRequest(streamId);
+ streamId += 2;
+ }
+ } catch (IOException ioe) {
+ t = ioe;
+ }
+ Assert.assertNotNull(t);
+ }
+}
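Review bot: The assertion at the end of testCVE_2025_53506 only checks that some IOException was raised, so a connection failure unrelated to the stream limit (a reset during the upgrade, a timeout in sendSimpleGetRequest) would also pass. Since the comment above the loop states that Tomcat processes the first 100 streams before the client sees the error, that can be pinned cheaply: `Assert.assertTrue("Connection closed before the stream limit was reached", streamId > 203);` (stream 3 plus 100 increments of 2). The `while (true)` loop also has no upper bound, so if the server never closes the connection the test hangs rather than fails; a bound such as `if (streamId > 4003) { Assert.fail("Stream limit not enforced"); }` inside the loop keeps the failure mode explicit, and a `@Test(timeout = ...)` would do the same if the base class does not already apply one. The comment block names the CVE and fix commits but not the expected behaviour; a line such as `// Expected: the server closes the connection once the client exceeds the configured concurrent stream limit` would make the intent readable without following the links.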