Vigil@nce - Apache Tomcat: session tempering via Transfer-Encoding
July 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can use the HTTP Transfer-Encoding header, in order to
temper Apache Tomcat sessions.
Severity: 2/4
Creation date: 09/07/2010
DESCRIPTION OF THE VULNERABILITY
The HTTP Transfer-Encoding header indicates the data transfer mode
(chunked, compress, deflate, gzip, etc.).
The HTTP server of Tomcat does not correctly manage malformed
Transfer-Encoding headers. The following HTTP query can then fail,
or return data belonging to another session.
An attacker can therefore use the HTTP Transfer-Encoding header,
in order to temper Apache Tomcat sessions.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Apache-Tomcat-session-tempering-via-Transfer-Encoding-9750