https://issues.apache.org/bugzilla/show_bug.cgi?id=40953
Edward Z. Yang <ezyang@mit.edu> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |ezyang@mit.edu
--- Comment #6 from Edward Z. Yang <ezyang@mit.edu> 2009-02-18 13:49:04 PST ---
We've run into this "feature enhancement request" recently. It's actually a
more specific example of the fact that Apache doesn't sanity check Status
Code/Content-Length headers that scripts send back. For example, I can take
advantage of this to make a CGI script send two HTTP responses back to a user,
when Keep-Alive is on and a single connection is used:
PoC: https://scripts.mit.edu/~apo/mitchtest/304.py
Code: http://mit.edu/~mitchb/Public/304.py
If the PoC works (it occasionally fails, if that happens, try again), it will
redirect you to https://scripts.mit.edu/~geofft but will display "Injected
Content", which was the second HTTP request sent.
There is also a relevant Firefox bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=363109#c12
It would be very nice to see this fixed.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
|