All,
On 5/27/14, 8:46 AM, Mark Thomas wrote:
> CVE-2014-0097 Information Disclosure
>
> Severity: Important
>
> Vendor: The Apache Software Foundation
>
> Versions Affected:
> - Apache Tomcat 8.0.0-RC1 to 8.0.3
> - Apache Tomcat 7.0.0 to 7.0.52
> - A
Konstantin,
On 5/27/14, 10:12 AM, Konstantin Preißer wrote:
> Hi André,
>
>> -Original Message- From: André Warnier
>> [mailto:a...@ice-sa.com] Sent: Tuesday, May 27, 2014 3:06 PM
>>
>> Mark Thomas wrote:
>>> CVE-2014-0097 Information Disc
Hi André,
> -Original Message-
> From: André Warnier [mailto:a...@ice-sa.com]
> Sent: Tuesday, May 27, 2014 3:06 PM
>
> Mark Thomas wrote:
> > CVE-2014-0097 Information Disclosure
> >
> ...
>
> >
> > Description:
> > The code used to parse the request content length header did not check
Mark Thomas wrote:
CVE-2014-0097 Information Disclosure
...
Description:
The code used to parse the request content length header did not check
for overflow in the result. This exposed a request smuggling
vulnerability when Tomcat was located behind a reverse proxy that
correctly processed t
CVE-2014-0097 Information Disclosure
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- Apache Tomcat 8.0.0-RC1 to 8.0.3
- Apache Tomcat 7.0.0 to 7.0.52
- Apache Tomcat 6.0.0 to 6.0.39
Description:
The code used to parse the request content length header did not che