DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25193>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25193 Wrong Content-Length in POST could cause information leakage / misbehaviour Summary: Wrong Content-Length in POST could cause information leakage / misbehaviour Product: Tomcat 5 Version: 5.0.16 Platform: PC OS/Version: Linux Status: NEW Severity: Major Priority: Other Component: Tester AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] Hi, since we had some strange behaviour according to some parts of our software, we found something in Tomcat 4.1.18, 4.2.25 and 5.0.16 (guess so, also on lot of other versions..) If a POST-request sends a wrong Content-length (too large), Tomcat does not send a HTTP 400 Code but continues to process the request. This is no really problem so far, since all parameters whith the POST-request are still read in a correct matter. But if the client cuts the connection (presses the abort-button, goes offline, anyway..) Tomcat uses data from previous request to get the given content-length. (Seems the buffer is not cleared correctly). This could lead to some critical information leakage on client side, if paramters are bounced back to client (e.g. preview-functions in guestbooks, forums, ...) and can also some really strange behaviour if you use this information to generate and send an email. So content from other "mails" is taken and filled into a new mail. Is there any workaround known? Greetz Christian --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]