CVE-2014-0227 Request Smuggling
Severity: Important!
Affected versions:
Apache Tomcat 8.0.0-RC1 to 8.0.8
Apache Tomcat 7.0.0 to 7.0.54
Apache Tomcat 6.0.0 to 6.0.41
Vulnerability description:
A chunked request containing a malformed chunk could cause Tomcat to read part of the request body as a new request.
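The description above turns on what a server does after it meets a malformed chunk. The following is an added example, not Tomcat's code and not part of the original advisory: a strict chunked-body decoder in Python that treats any framing error as fatal for the connection instead of continuing to parse the remaining bytes. The function names and sample bodies are constructed for illustration.

```python
import re

class MalformedChunk(ValueError):
    """Chunked framing is invalid; the connection must not be reused."""

_HEX_SIZE = re.compile(rb"[0-9A-Fa-f]{1,8}")  # strict: hex digits only

def decode_chunked(buf: bytes):
    """Return (body, leftover) for a complete chunked body at the start of buf.

    leftover may be treated as the next pipelined request only because
    every chunk before it was validated.
    """
    pos, body = 0, bytearray()
    while True:
        eol = buf.find(b"\r\n", pos)
        if eol < 0:
            raise MalformedChunk("chunk-size line not terminated by CRLF")
        size_field = buf[pos:eol].split(b";", 1)[0]  # drop chunk extensions
        if not _HEX_SIZE.fullmatch(size_field):
            raise MalformedChunk(f"invalid chunk size {size_field!r}")
        size = int(size_field, 16)
        pos = eol + 2
        if size == 0:
            break
        # Chunk data must be followed by exactly CRLF (also catches truncation).
        if buf[pos + size:pos + size + 2] != b"\r\n":
            raise MalformedChunk("chunk data not followed by CRLF")
        body += buf[pos:pos + size]
        pos += size + 2
    while True:  # trailer section ends with an empty line
        eol = buf.find(b"\r\n", pos)
        if eol < 0:
            raise MalformedChunk("trailer section not terminated")
        line, pos = buf[pos:eol], eol + 2
        if not line:
            return bytes(body), buf[pos:]

def read_request_body(buf: bytes) -> dict:
    """Decide what a server may do with the bytes on a keep-alive connection."""
    try:
        body, leftover = decode_chunked(buf)
    except MalformedChunk as exc:
        # Do not resynchronise: the framing of the remaining bytes is unknown.
        return {"action": "close", "status": 400, "reason": str(exc), "leftover": b""}
    return {"action": "keep-alive", "status": 200, "body": body, "leftover": leftover}

# Constructed sample bodies (not captured traffic).
GOOD = b"5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n"
BAD_SIZE = b"5\r\nhello\r\nZZ\r\n world\r\n0\r\n\r\n"
BAD_CRLF = b"5\r\nhelloXX0\r\n\r\n"
```

On a framing error the decoder returns no leftover bytes, so nothing after the malformed chunk can be interpreted as a new request on the same connection.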
Solution:
Upgrade to Apache Tomcat 8.0.9 or later
Upgrade to Apache Tomcat 7.0.55 or later
Upgrade to Apache Tomcat 6.0.43 or later (6.0.42 contains the fix but was not released)
Official announcement: