httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 19531] - apache accetps everything as HTTP Version
Date Fri, 02 May 2003 14:17:05 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19531>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19531

apache accetps  everything as HTTP Version





------- Additional Comments From bzeeb@zabbadoz.net  2003-05-02 14:17 -------
Ok, one other point:

as long as one can write %s %d ... to logfiles p.ex.
"GET / HTTP/%s%s.%d"

it is also possible to "confuse" log analizers programs.

As Steve Grubb had pointed out p.ex. on bugtraq.vuln-dev along with the
"Apache 2.x leaked descriptors" problem:
"In the past, there have been vulnerable versions of these programs."

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message