[SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited

2013-08-27 Thread wastasy
Hi everyone, I am testing an Apache Tomcat server 6.0.36 on Ubuntu Linux. I would like to reproduce CVE-2012-3544 Denial of Service Vulnerability with Apache Tomcat 6.0.36. I tried to send a request using chunked transfer encoding with a web proxy (Burp proxy) but I think I am making a

Re: [SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited

2013-08-27 Thread André Warnier
wastasy wrote:
> Hi everyone, I am testing an Apache Tomcat server 6.0.36 on Ubuntu Linux.
> I would like to reproduce CVE-2012-3544 Denial of Service Vulnerability with Apache Tomcat 6.0.36.
> I tried to send a request using chunked transfer encoding with a web proxy (Burp proxy) but I think I

Re: [SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited

2013-08-27 Thread Mark Thomas
On 27/08/2013 08:38, wastasy wrote:
> Hi everyone, I am testing an Apache Tomcat server 6.0.36 on Ubuntu Linux.
OK.
> I would like to reproduce CVE-2012-3544 Denial of Service Vulnerability with Apache Tomcat 6.0.36.
Why?
> I tried to send a request using chunked transfer encoding with a web

Re: [SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited

2013-08-27 Thread wastasy
>> I would like to reproduce CVE-2012-3544 Denial of Service Vulnerability with Apache Tomcat 6.0.36.
> Why?
1- I have\want to demonstrate, Apache Tomcat 6.0.36 has a DoS vulnerability
2- I am inquiring and I want to see with my eyes
3- I want to learn more about HTTP and Apache Tomcat
4- Why

Re: [SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited

2013-08-27 Thread Mark Thomas
On 27/08/2013 10:00, wastasy wrote:
>>> I would like to reproduce CVE-2012-3544 Denial of Service Vulnerability with Apache Tomcat 6.0.36.
>> Why?
> 1- I have\want to demonstrate, Apache Tomcat 6.0.36 has a DoS vulnerability
Why? It is already a known, published fact that it has one.
> 2- I am

Re: [SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited

2013-08-27 Thread wastasy
>> 1- I have\want to demonstrate, Apache Tomcat 6.0.36 has a DoS vulnerability
> Why? It is already a known, published fact that it has one.
The extreme value theorem is already known too but millions of students around the world have\want to prove it.
>> 4- Why not?
> There are lots of good reasons

Re: [SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited

2013-08-27 Thread Mark Thomas
On 27/08/2013 10:45, wastasy wrote:
>>> 1- I have\want to demonstrate, Apache Tomcat 6.0.36 has a DoS vulnerability
>> Why? It is already a known, published fact that it has one.
> The extreme value theorem is already known too but millions of students around the world have\want to prove it.
>>> 4- Why

[SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited

2013-05-10 Thread Mark Thomas
CVE-2012-3544 Chunked transfer encoding extension size is not limited
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- Tomcat 7.0.0 to 7.0.29
- Tomcat 6.0.0 to 6.0.36
Description: When processing a request