On 22/08/2014 03:31, ?????? wrote:
> I read an article on the internet that says that Tomcat was
> found to accept content-length headers with chunked encoding over any
> HTTP connector and multiple content-length headers in a request when
> using the AJP connector. This could allow attackers to poison a
> web-cache, bypass web application firewall protection, or conduct
> cross-site scripting attacks. The article is
> https://bugzilla.redhat.com/show_bug.cgi?id=1069921 so I want
> to know how I can produce this bug again to show the
> processor of the bug to my colleague. What should I do to
> produce the bug again? I am looking forward to your reply!
> Thanks a lot.

This is CVE-2013-4286. There is enough information in the vulnerability report [1] for a competent security professional to understand how the issue occurs, how to reproduce the issue and how to mitigate the issue.

This isn't hacker school. If you can't work out how to reproduce the issue from the information available, the folks here aren't going to provide you with an idiot-proof recipe that any script kiddie can then use.

If you want to recreate this issue you are going to have to do some more research based on the information you already have until you understand the issue well enough to be able to recreate it. I suggest you start looking into security vulnerabilities involving multiple content length headers.

Mark

[1] http://markmail.org/message/yvxny4p2lwhfzha7

> wangchao 2014/08/22
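A defensive check for the two header conditions named in the quoted report (Content-Length together with chunked encoding, and more than one Content-Length value), of the kind a proxy or WAF rule can apply before forwarding a request. This is an added example, not code from the thread or from Tomcat; the function names, issue labels and sample requests are constructed for illustration.

```python
# Added example: flag ambiguous request framing so the request can be rejected.

def parse_headers(raw: bytes):
    """Return (lowercased name, value) pairs from a raw HTTP/1.x request head."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split(b"\r\n")[1:]:      # [1:] skips the request line
        name, sep, value = line.partition(b":")
        if not sep:
            raise ValueError("malformed header line")
        pairs.append((name.decode("latin-1").strip().lower(),
                      value.decode("latin-1").strip()))
    return pairs

def framing_issues(raw: bytes):
    """List framing conflicts; an empty list means the body length is unambiguous."""
    headers = parse_headers(raw)
    # One header line may itself carry a comma-separated list of values.
    lengths = [v.strip() for n, val in headers if n == "content-length"
               for v in val.split(",")]
    codings = [v.strip().lower() for n, val in headers if n == "transfer-encoding"
               for v in val.split(",")]
    issues = []
    if len(lengths) > 1:
        issues.append("multiple-content-length")
    if any(not (v.isascii() and v.isdigit()) for v in lengths):
        issues.append("invalid-content-length")
    if lengths and "chunked" in codings:
        issues.append("content-length-with-chunked")
    return issues

# Constructed sample requests (host name is a placeholder).
_HEAD = b"POST /app HTTP/1.1\r\nHost: example.test\r\n"
SAMPLES = {
    "clean": _HEAD + b"Content-Length: 5\r\n\r\nhello",
    "cl_and_chunked": _HEAD + b"Content-Length: 5\r\n"
                      b"Transfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n",
    "two_cl": _HEAD + b"Content-Length: 5\r\nContent-Length: 11\r\n\r\nhello",
    "list_cl": _HEAD + b"Content-Length: 5, 5\r\n\r\nhello",
}

def scan(samples=SAMPLES):
    """Map each sample name to the list of framing issues found in it."""
    return {name: framing_issues(raw) for name, raw in samples.items()}

if __name__ == "__main__":
    for name, issues in scan().items():
        print(name, "REJECT" if issues else "ok", issues)
```
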