Mark Thomas wrote:
On 27/05/2014 19:24, Christopher Schultz wrote:
André,
On 5/27/14, 10:03 AM, André Warnier wrote:
Mark Thomas wrote:
On 27/05/2014 14:05, André Warnier wrote:
Mark Thomas wrote:
CVE-2014-0099 Information Disclosure
...
Description: The code used to parse the request co
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 5/27/14, 3:04 PM, Mark Thomas wrote:
> On 27/05/2014 19:24, Christopher Schultz wrote:
>> André,
>>
>> On 5/27/14, 10:03 AM, André Warnier wrote:
>>> Mark Thomas wrote:
On 27/05/2014 14:05, André Warnier wrote:
> Mark Thomas wrote
On 27/05/2014 19:24, Christopher Schultz wrote:
> André,
>
> On 5/27/14, 10:03 AM, André Warnier wrote:
>> Mark Thomas wrote:
>>> On 27/05/2014 14:05, André Warnier wrote:
Mark Thomas wrote:
> CVE-2014-0099 Information Disclosure
>
...
> Description: The code used to p
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 5/27/14, 10:32 AM, Mark Thomas wrote:
> On 27/05/2014 15:12, Konstantin Preißer wrote:
>> Hi André,
>>
>>> -Original Message- From: André Warnier
>>> [mailto:a...@ice-sa.com] Sent: Tuesday, May 27, 2014 3:06 PM
>>>
>>> Mark Thomas
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
André,
On 5/27/14, 10:03 AM, André Warnier wrote:
> Mark Thomas wrote:
>> On 27/05/2014 14:05, André Warnier wrote:
>>> Mark Thomas wrote:
CVE-2014-0099 Information Disclosure
>>> ...
>>>
Description: The code used to parse the requ
Mark Thomas wrote:
On 27/05/2014 15:12, Konstantin Preißer wrote:
Hi André,
-Original Message-
From: André Warnier [mailto:a...@ice-sa.com]
Sent: Tuesday, May 27, 2014 3:06 PM
Mark Thomas wrote:
CVE-2014-0099 Information Disclosure
...
Description:
The code used to parse the requ
Hi Mark,
> -Original Message-
> From: Mark Thomas [mailto:ma...@apache.org]
> Sent: Tuesday, May 27, 2014 4:33 PM
> Yes, you need to have a content-length above Long.MAX_VALUE for
> problems
> to occur. That would be unusual to say the least for most (all?)
> applications in normal usag
On 27/05/2014 15:12, Konstantin Preißer wrote:
> Hi André,
>
>> -Original Message-
>> From: André Warnier [mailto:a...@ice-sa.com]
>> Sent: Tuesday, May 27, 2014 3:06 PM
>>
>> Mark Thomas wrote:
>>> CVE-2014-0099 Information Disclosure
>>>
>> ...
>>
>>>
>>> Description:
>>> The code used t
Mark Thomas wrote:
On 27/05/2014 14:05, André Warnier wrote:
Mark Thomas wrote:
CVE-2014-0099 Information Disclosure
...
Description:
The code used to parse the request content length header did not check
for overflow in the result. This exposed a request smuggling
vulnerability when Tomcat
On 27/05/2014 14:05, André Warnier wrote:
> Mark Thomas wrote:
>> CVE-2014-0099 Information Disclosure
>>
> ...
>
>>
>> Description:
>> The code used to parse the request content length header did not check
>> for overflow in the result. This exposed a request smuggling
>> vulnerability when Tomca
CORRECTION: This is CVE-2014-0099 *NOT* -0097
Apologies for the typo
On 27/05/2014 13:46, Mark Thomas wrote:
> CVE-2014-0099 Information Disclosure
>
> Severity: Important
>
> Vendor: The Apache Software Foundation
>
> Versions Affected:
> - Apache Tomcat 8.0.0-RC1 to 8.0.3
> - Apac