httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 51878] 2.2.21 is not compliant for byterange 0- returning 200 instead of 206
Date Wed, 21 Mar 2012 11:39:21 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=51878

matty <matty.roland1@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |

--- Comment #10 from matty <matty.roland1@gmail.com> 2012-03-21 11:39:21 UTC ---
When "killapache.pl" script is executed against Opensource Apache 2.2.22
Windows binary, it shows "host seems vuln" message. This behaviour was not
observed in Apache 2.2.21 version. Whether this means CVE-2011-3192
vulnerability is re-introduced in Opensource Apache 2.2.22 version while fixing
the below byterange regression?

*) Fix a regression introduced by the CVE-2011-3192 byterange fix in 2.2.20:
A range of '0-' will now return 206 instead of 200. PR 51878.
[Jim Jagielski]

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message