Hi,

We are using Tomcat 4.0.4 in our product. We have a daemon which is a wrapper around the tomcat. We are facing one security issue with the Tomcat. If we send an HTTP packet with a long string in the Host field, it closes the connection.

EX:

>>telnet <machine> <port on which tomcat is running>
GET /index.html HTTP/1.1
Host: <very long string>
------------
HTTP/1.1 400 Bad Request
Content-Type: text/html
Date: Fri, 14 Oct 2005 05:16:57 GMT
Connection: close
Server: Apache Tomcat/4.0.4 (HTTP/1.1 Connector)

Connection closed by foreign host.

Though tomcat closes the connection, somewhere it is overwriting the memory and not cleaning up the buffer/memory which holds this host string. Because of this, applications which are already launched through the tomcat webserver get the exception and our daemon dies.

Can somebody help me in figuring out:

1. Is this a known issue with the tomcat?
2. If yes, can I get a patch on top of Tomcat 4x where the above problem is fixed?

Any pointers on this would be of great help!!!

Thanks,
Rashma