https://bugzilla.redhat.com/show_bug.cgi?id=1250352
--- Doc Text *updated* by Summer Long <slong(a)redhat.com> ---
HTTP-request vulnerabilities have been found in the Golang net/http and net/textproto
libraries. Request headers with double Content-Length fields do not generate a 400 error
(the second field is ignored), and invalid fields are parsed as valid (for example,
"Content Length:" with a space in the middle is accepted). A non-authenticated
attacker could exploit these flaws to bypass security controls, perform web-cache
poisoning, or alter the request/response map (denial of service).
--
You are receiving this mail because:
You are on the CC list for the bug.