[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] [SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited

To: "full-disclosure@xxxxxxxxxxxxxxxxx" <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] [SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited
From: Derick Older <d3x0rwastasy@xxxxxxxxx>
Date: Mon, 26 Aug 2013 16:21:59 +0100 (BST)

Hi everyone,

I am testing an Apache Tomcat server 6.0.36 on Ubuntu Linux
I would like to reproduce  CVE-2012-3544 Denial of Service Vulnerability with 
Apache Tomcat 6.0.36

I tried to send a request using chunked transfer encoding  with a web proxy 
(Burp proxy) but I think I am making a mistake...

How can I reproduce the bug?
How can I send a request using chunked transfer encoding? Can you help me 
please?


Best regards
wastasy

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] [SECURITY] [DSA 2743-1] kfreebsd-9 security update
Next by Date: Re: [Full-disclosure] DC4420 - London DEFCON - August Meet - Tuesday 27th August 2013
Previous by thread: [Full-disclosure] [SECURITY] [DSA 2743-1] kfreebsd-9 security update
Next by thread: [Full-disclosure] IBM Lotus iNotes 8.5.x cross-site scripting vulnerabilities
Index(es):
- Date
- Thread