httpd-bugs mailing list archives

Subject [Bug 57832] Reduction of response splitting attacks consequences in mod_proxy
Date Mon, 18 May 2015 09:03:11 GMT

--- Comment #9 from regilero <> ---
This version is OK.

Stored injections are always detected, small and big.
The only way to inject a new response is to have fine control of the backend
stream and use timers between responses, which, by definition, cannot be
detected by mod_proxy.

So it's almost good. I think there's maybe just one problem with responses from
backends containing one extra CRLF. This is already managed by mod_proxy and
allowed by the RFC. But here, if I'm not wrong on my tests, it makes a
connection status 2.
