httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 40953] Should not send any data in 1xx/204/304 reply from CGI/PHP/Servlet
Date Wed, 18 Feb 2009 21:49:05 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=40953


Edward Z. Yang <ezyang@mit.edu> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ezyang@mit.edu




--- Comment #6 from Edward Z. Yang <ezyang@mit.edu>  2009-02-18 13:49:04 PST ---
We've run into this "feature enhancement request" recently. It's actually a
more specific example of the fact that Apache doesn't sanity check Status
Code/Content-Length headers that scripts send back. For example, I can take
advantage of this to make a CGI script send two HTTP responses back to a user,
when Keep-Alive is on and a single connection is used:

PoC: https://scripts.mit.edu/~apo/mitchtest/304.py
Code: http://mit.edu/~mitchb/Public/304.py

If the PoC works (it occasionally fails; if that happens, try again), it will
redirect you to https://scripts.mit.edu/~geofft but will display "Injected
Content", which was the second HTTP request sent.

There is also a relevant Firefox bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=363109#c12

It would be very nice to see this fixed.


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
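
The sanity check that comment #6 describes as missing can be sketched as a filter over raw CGI output. This is an added example, not part of the original message and not Apache httpd code; `sanitize_cgi_output`, `is_bodiless` and the sample input are constructed for illustration.

```python
import re

# Constructed sample: a CGI script declares 304 but keeps writing after the headers.
SAMPLE_304 = (b"Status: 304 Not Modified\r\nContent-Length: 0\r\n\r\n"
              b"bytes the script wrote after the headers")

def is_bodiless(status):
    """1xx, 204 and 304 responses never carry a message body."""
    return 100 <= status < 200 or status in (204, 304)

def sanitize_cgi_output(raw):
    """Split raw CGI output into (status, headers, body, dropped_bytes),
    forcing the framing to agree with the status code."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:  # tolerate bare-LF scripts
        head, sep, body = raw.partition(b"\n\n")
    status, headers = 200, []  # CGI default status when no Status header is sent
    for line in head.splitlines():
        name, colon, value = line.partition(b":")
        if not colon:
            raise ValueError("malformed CGI header line: %r" % line)
        name, value = name.strip().lower(), value.strip()
        if name == b"status":
            m = re.match(rb"(\d{3})\b", value)
            if not m:
                raise ValueError("malformed Status header: %r" % value)
            status = int(m.group(1))
        else:
            headers.append((name, value))
    # Never trust the script's own framing headers.
    headers = [(n, v) for n, v in headers
               if n not in (b"content-length", b"transfer-encoding")]
    dropped = 0
    if is_bodiless(status):
        # Anything after the header block would be read by a keep-alive
        # client as the start of the next response, so discard it.
        dropped, body = len(body), b""
    else:
        headers.append((b"content-length", str(len(body)).encode()))
    return status, headers, body, dropped

if __name__ == "__main__":
    print(sanitize_cgi_output(SAMPLE_304))
```

A non-zero `dropped` count is worth logging, since it identifies a script whose output does not match the status it declared.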
