httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 52774] RewriteRules within outgoing proxy no longer work
Date Thu, 05 Apr 2012 15:30:21 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=52774

--- Comment #7 from Petr Sumbera <petr.sumbera@oracle.com> 2012-04-05 15:30:21 UTC ---
Created attachment 28547
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=28547
Example of possible fix.

In original fix for CVE-2011-3368 there was following note:

>From RFC -    /* RFC 2616:
     *   Request-URI    = "*" | absoluteURI | abs_path | authority

But in both fixes for CVE-2011-3368 and CVE-2011-4317 there was no code
allowing 
absoluteURI which is used in case of poxing.

Please see attached diff file which in my case solved this issue (probably the
same fix should go also into mod_proxy.c).

Any comments?

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message