Date: Sat, 18 Jan 2014 22:52:08 +1300 From: Matthew Daley <mattd@...fuzz.com> To: oss-security@...ts.openwall.com Subject: Re: CVE requests / advisory: cxxtools <= 2.2, Tntnet <= 2.2 On Sat, Jan 18, 2014 at 10:46 PM, Henri Salo <henri@...v.fi> wrote: > On Sat, Jan 18, 2014 at 02:43:23PM +1300, Matthew Daley wrote: >> Hi, >> >> I'd like to request CVE IDs for these 2 issues. They were found in >> software from the Tntnet Project (www.tntnet.org), which develop >> Tntnet, an open-source web server for C++ web applications. >> >> This is the first such request and the issues are (now) public; this >> message serves as an advisory as well. >> >> >> * Issue #1 >> >> Affected software: cxxtools >> Description: By sending a crafted HTTP query parameter containing two >> percent signs in a row, URL parsing would enter an infinite recursive >> loop, leading to a crash. This allows a remote attacker to DOS the >> server. >> Affected versions: current releases (<= 2.2) >> Fixed in version: 2.2.1 >> Fix: https://github.com/maekitalo/cxxtools/commit/142bb2589dc184709857c08c1e10570947c444e3 >> Release notes: http://www.tntnet.org/download/cxxtools-2.2.1/Releasenotes-2.2.1.markdown >> Reported by: Julian Wiesener >> >> >> * Issue #2 >> >> Affected software: Tntnet >> Description: By sending a crafted HTTP request that uses "\n" to end >> its headers instead of the expected "\r\n", it is possible that >> headers from a previous unrelated request will seemingly be appended >> to the crafted request (due to a missing null termination). This >> allows a remote attacker to use sensitive headers from other users' >> requests in their own requests, such as cookies or HTTP authentication >> credentials. >> Affected versions: current releases (<= 2.2) >> Fixed in version: 2.2.1 >> Fix: https://github.com/maekitalo/tntnet/commit/9bd3b14042e12d84f39ea9f55731705ba516f525 >> and https://github.com/maekitalo/tntnet/commit/9d1a859e28b78bfbf769689454b529ac7709dee4 >> Release notes: http://www.tntnet.org/download/tntnet-2.2.1/Releasenotes-2.2.1.markdown >> Reported by: Matthew Daley >> >> Please let me know if you need any further information. >> >> Thanks, >> >> - Matthew Daley > > Just a small note for assigner. These were fixed last year so should get 2013 > CVE IDs if I'm correct. Sorry, I forgot to mention that. Yes, they were both reported and fixed (in master, at least) in 2013. - Matthew > > --- > Henri Salo
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ