/[Apache-SVN]
ViewVC logotype

Revision 1179239


Jump to revision: Previous Next
Author: jorton
Date: Wed Oct 5 14:24:44 2011 UTC (13 years, 6 months ago)
Changed paths: 1
Log Message:
SECURITY (CVE-2011-3368): Prevent unintended pattern expansion in some
reverse proxy configurations by strictly validating the request-URI:

* server/protocol.c (read_request_line): Send a 400 response if the
  request-URI does not match the grammar from RFC 2616.  This ensures
  the input string for RewriteRule et al really is an absolute path.

Reviewed by: rpluem, wrowe, covener, fielding


Changed paths

Path Details
Directoryhttpd/httpd/trunk/server/protocol.c modified , text changed

infrastructure at apache.org
ViewVC Help
Powered by ViewVC 1.1.26