httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From pque...@apache.org
Subject svn commit: r209723 - /httpd/httpd/trunk/CHANGES
Date Fri, 08 Jul 2005 09:35:58 GMT
Author: pquerna
Date: Fri Jul  8 02:35:56 2005
New Revision: 209723

URL: http://svn.apache.org/viewcvs?rev=209723&view=rev
Log:
The request smuggling issue did get assigned CAN-2005-2088.

Modified:
    httpd/httpd/trunk/CHANGES

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/CHANGES?rev=209723&r1=209722&r2=209723&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES (original)
+++ httpd/httpd/trunk/CHANGES Fri Jul  8 02:35:56 2005
@@ -19,7 +19,7 @@
   *) Fix htdbm password validation for records which included comments.
      [Eric Covener <covener gmail.com>]
 
-  *) SECURITY: 
+  *) SECURITY: CAN-2005-2088
      proxy HTTP: If a response contains both Transfer-Encoding and a 
      Content-Length, remove the Content-Length and don't reuse the
      connection, stopping some HTTP Request smuggling attacks.
@@ -30,7 +30,7 @@
 
 Changes with Apache 2.1.5
 
-  *) SECURITY: 
+  *) SECURITY: CAN-2005-2088
      core: If a request contains both Transfer-Encoding and a Content-Length,
      remove the Content-Length, stopping some HTTP Request smuggling attacks.
      [Paul Querna]



Mime
View raw message