Gilles Gagniard created AXIS2C-1661:
---------------------------------------
Summary: vulnerability : buffer overflow in axis2/c http client
Key: AXIS2C-1661
URL: https://issues.apache.org/jira/browse/AXIS2C-1661
Project: Axis2-C
Issue Type: Bug
Components: core/transport
Affects Versions: 1.6.0, 1.7.0, Current (Nightly)
Environment: Any, axis2/c built with native http sender (no libcurl)
Reporter: Gilles Gagniard
Priority: Critical
With axis2/c used as a client using http transport, if a malicious server begins its reply
with more than 512 bytes without CRLF (ie. in place of the response status), this causes a
stack overflow in the client. Remote code execution is certainly possible.
Please find a fix for this vulnerability here :
https://github.com/gillesgagniard/wso2-wsf-cpp-gg/commit/976f9c60ccade30ae3fe1a2bddbaeb1fdc9e000a
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: c-dev-help@axis.apache.org
|