Filip Hanik - Dev Lists wrote:
Mark Thomas wrote:
Michal Vyskocil wrote:
I'm unable to locate a patch to fix CVE-2005-2090. I cannot find any hint in the svn commit log or bugzilla.

Maybe it is this commit
------------------------------------------------------------------------
r513079 | markt | 2007-03-01 01:26:12 +0100 (Čt, 01 bře 2007) | 1 line

As per RFC2616, requests with multiple content-length headers are invalid.

Yep, that's it.
Isn't it documented incorrectly then? We don't return 400, we just grab one of the headers.

If you look at the code for MimeHeaders.getUniqueValue() you'll see that the code throws an IAE if multiple values are found in the headers.

Mark
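
The behaviour described in the last reply (a unique-value lookup that throws an IllegalArgumentException when a header occurs more than once), as an added example that is not part of the original thread and is not Tomcat's MimeHeaders code. The class, the method bodies, the sample headers and the mapping of the exception to a 400 status are all assumptions of this example.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration; not Tomcat's MimeHeaders. All names here are hypothetical.
public class UniqueHeaderDemo {

    /** Returns the header's single value, null if absent; throws if it occurs more than once. */
    static String getUniqueValue(List<String[]> headers, String name) {
        String result = null;
        for (String[] h : headers) {
            if (h[0].equalsIgnoreCase(name)) {
                if (result != null) {
                    // Second occurrence: refuse to pick one, so no two parties can disagree on the length.
                    throw new IllegalArgumentException("Multiple " + name + " headers");
                }
                result = h[1];
            }
        }
        return result;
    }

    /** Splits raw CRLF-separated header lines into name/value pairs. */
    static List<String[]> parse(String rawHeaders) {
        List<String[]> out = new ArrayList<>();
        for (String line : rawHeaders.split("\r\n")) {
            int colon = line.indexOf(':');
            if (colon > 0) {
                out.add(new String[] { line.substring(0, colon).trim(), line.substring(colon + 1).trim() });
            }
        }
        return out;
    }

    /** Assumed caller policy for this example: an invalid Content-Length yields status 400. */
    static int statusFor(String rawHeaders) {
        try {
            String cl = getUniqueValue(parse(rawHeaders), "Content-Length");
            if (cl != null && Long.parseLong(cl) < 0) {
                throw new IllegalArgumentException("Negative Content-Length");
            }
            return 200; // NumberFormatException from parseLong is also an IllegalArgumentException
        } catch (IllegalArgumentException e) {
            return 400;
        }
    }

    public static void main(String[] args) {
        // Constructed sample input, not captured traffic.
        String single = "Host: example.test\r\nContent-Length: 10\r\n";
        String duplicate = "Host: example.test\r\nContent-Length: 10\r\nContent-Length: 0\r\n";
        System.out.println("single Content-Length    -> " + statusFor(single));
        System.out.println("duplicate Content-Length -> " + statusFor(duplicate));
    }
}
```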
