axis-c-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gilles Gagniard (JIRA)" <>
Subject [jira] [Created] (AXIS2C-1661) vulnerability : buffer overflow in axis2/c http client
Date Tue, 28 Jan 2014 10:48:39 GMT
Gilles Gagniard created AXIS2C-1661:

             Summary: vulnerability : buffer overflow in axis2/c http client
                 Key: AXIS2C-1661
             Project: Axis2-C
          Issue Type: Bug
          Components: core/transport
    Affects Versions: 1.6.0, 1.7.0, Current (Nightly)
         Environment: Any, axis2/c built with native http sender (no libcurl)
            Reporter: Gilles Gagniard
            Priority: Critical

With axis2/c used as a client using http transport, if a malicious server begins its reply
with more than 512 bytes without CRLF (ie. in place of the response status), this causes a
stack overflow in the client. Remote code execution is certainly possible.

Please find a fix for this vulnerability here :

This message was sent by Atlassian JIRA

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message