Date: Sat, 18 Jan 2014 11:46:14 +0200 From: Henri Salo <henri@...v.fi> To: oss-security@...ts.openwall.com Subject: Re: CVE requests / advisory: cxxtools <= 2.2, Tntnet <= 2.2 On Sat, Jan 18, 2014 at 02:43:23PM +1300, Matthew Daley wrote: > Hi, > > I'd like to request CVE IDs for these 2 issues. They were found in > software from the Tntnet Project (www.tntnet.org), which develop > Tntnet, an open-source web server for C++ web applications. > > This is the first such request and the issues are (now) public; this > message serves as an advisory as well. > > > * Issue #1 > > Affected software: cxxtools > Description: By sending a crafted HTTP query parameter containing two > percent signs in a row, URL parsing would enter an infinite recursive > loop, leading to a crash. This allows a remote attacker to DOS the > server. > Affected versions: current releases (<= 2.2) > Fixed in version: 2.2.1 > Fix: https://github.com/maekitalo/cxxtools/commit/142bb2589dc184709857c08c1e10570947c444e3 > Release notes: http://www.tntnet.org/download/cxxtools-2.2.1/Releasenotes-2.2.1.markdown > Reported by: Julian Wiesener > > > * Issue #2 > > Affected software: Tntnet > Description: By sending a crafted HTTP request that uses "\n" to end > its headers instead of the expected "\r\n", it is possible that > headers from a previous unrelated request will seemingly be appended > to the crafted request (due to a missing null termination). This > allows a remote attacker to use sensitive headers from other users' > requests in their own requests, such as cookies or HTTP authentication > credentials. > Affected versions: current releases (<= 2.2) > Fixed in version: 2.2.1 > Fix: https://github.com/maekitalo/tntnet/commit/9bd3b14042e12d84f39ea9f55731705ba516f525 > and https://github.com/maekitalo/tntnet/commit/9d1a859e28b78bfbf769689454b529ac7709dee4 > Release notes: http://www.tntnet.org/download/tntnet-2.2.1/Releasenotes-2.2.1.markdown > Reported by: Matthew Daley > > Please let me know if you need any further information. > > Thanks, > > - Matthew Daley Just a small note for assigner. These were fixed last year so should get 2013 CVE IDs if I'm correct. --- Henri Salo Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ