[Mono-dev] Security Issue
Greg Young
gregoryyoung1 at gmail.com
Fri Feb 28 19:28:34 UTC 2014
We use raw http listener
Sent from my iPhone
> On 28 Feb 2014, at 20:49, Brandon Perry <bperry.volatile at gmail.com> wrote:
>
> Does this work against xsp running independently from apache or does it require mod_mono? Currently testing against xsp4 2.10.0.0 and they web server does not crash.
>
> Obviously this is relatively old.
>
> Sent from a computer
>
>> On Feb 28, 2014, at 9:22 AM, Greg Young <gregoryyoung1 at gmail.com> wrote:
>>
>> After some reproduction work we found it was an API difference in mono httplistener vs .net http listener that caused us to mangle something.
>>
>> In particular on a post with no content-length mono throws a disposed exception on accessing context where as .net does not.
>>
>> To reproduce use:
>>
>> curl -v http://server.com/ -X POST
>>
>> Cheers,
>>
>> Greg
>>
>>
>>> On Fri, Feb 28, 2014 at 3:48 PM, Sebastien Pouliot <sebastien.pouliot at gmail.com> wrote:
>>> Hello Greg,
>>>
>>> Use the contact form found at
>>> http://www.mono-project.com/Vulnerabilities
>>>
>>> Thanks
>>> Sebastien
>>>
>>>
>>>> On Fri, Feb 28, 2014 at 8:40 AM, Greg Young <gregoryyoung1 at gmail.com> wrote:
>>>> I believe I have what should be a top rated security vulnerability that probably should not be discussed on this list as it allows anyone to take down a mono back end with a poisoned packet. Who should I talk to about this?
>>>>
>>>> Greg
>>>>
>>>> --
>>>> Le doute n'est pas une condition agréable, mais la certitude est absurde.
>>>>
>>>> _______________________________________________
>>>> Mono-devel-list mailing list
>>>> Mono-devel-list at lists.ximian.com
>>>> http://lists.ximian.com/mailman/listinfo/mono-devel-list
>>
>>
>>
>> --
>> Le doute n'est pas une condition agréable, mais la certitude est absurde.
>> _______________________________________________
>> Mono-devel-list mailing list
>> Mono-devel-list at lists.ximian.com
>> http://lists.ximian.com/mailman/listinfo/mono-devel-list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ximian.com/pipermail/mono-devel-list/attachments/20140228/24e5d4a6/attachment-0001.html>
More information about the Mono-devel-list
mailing list