| Log Message: |
SECURITY (CVE-2011-3368): Prevent unintended pattern expansion in some
reverse proxy configurations by strictly validating the request-URI:
* server/protocol.c (read_request_line): Send a 400 response if the
request-URI does not match the grammar from RFC 2616. This ensures
the input string for RewriteRule et al really is an absolute path.
Reviewed by: rpluem, wrowe, covener, fielding
|