Date: Sat, 18 Jan 2014 14:43:23 +1300 From: Matthew Daley <mattd@...fuzz.com> To: oss-security@...ts.openwall.com Cc: Tommi Mäkitalo <tommi@...net.org> Subject: CVE requests / advisory: cxxtools <= 2.2, Tntnet <= 2.2 Hi, I'd like to request CVE IDs for these 2 issues. They were found in software from the Tntnet Project (www.tntnet.org), which develop Tntnet, an open-source web server for C++ web applications. This is the first such request and the issues are (now) public; this message serves as an advisory as well. * Issue #1 Affected software: cxxtools Description: By sending a crafted HTTP query parameter containing two percent signs in a row, URL parsing would enter an infinite recursive loop, leading to a crash. This allows a remote attacker to DOS the server. Affected versions: current releases (<= 2.2) Fixed in version: 2.2.1 Fix: https://github.com/maekitalo/cxxtools/commit/142bb2589dc184709857c08c1e10570947c444e3 Release notes: http://www.tntnet.org/download/cxxtools-2.2.1/Releasenotes-2.2.1.markdown Reported by: Julian Wiesener * Issue #2 Affected software: Tntnet Description: By sending a crafted HTTP request that uses "\n" to end its headers instead of the expected "\r\n", it is possible that headers from a previous unrelated request will seemingly be appended to the crafted request (due to a missing null termination). This allows a remote attacker to use sensitive headers from other users' requests in their own requests, such as cookies or HTTP authentication credentials. Affected versions: current releases (<= 2.2) Fixed in version: 2.2.1 Fix: https://github.com/maekitalo/tntnet/commit/9bd3b14042e12d84f39ea9f55731705ba516f525 and https://github.com/maekitalo/tntnet/commit/9d1a859e28b78bfbf769689454b529ac7709dee4 Release notes: http://www.tntnet.org/download/tntnet-2.2.1/Releasenotes-2.2.1.markdown Reported by: Matthew Daley Please let me know if you need any further information. Thanks, - Matthew Daley
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ