Message-ID: <20050715183256.33584.qmail@minotaur.apache.org>
Subject: svn commit: r219231 - /httpd/httpd/trunk/CHANGES
Date: Fri, 15 Jul 2005 18:32:55 -0000
To: cvs@httpd.apache.org
From: wrowe@apache.org X-Mailer: svnmailer-1.0.2 X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Author: wrowe Date: Fri Jul 15 11:32:54 2005 New Revision: 219231 URL: http://svn.apache.org/viewcvs?rev=219231&view=rev Log: Backported a few already Modified: httpd/httpd/trunk/CHANGES Modified: httpd/httpd/trunk/CHANGES URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/CHANGES?rev=219231&r1=219230&r2=219231&view=diff ============================================================================== --- httpd/httpd/trunk/CHANGES (original) +++ httpd/httpd/trunk/CHANGES Fri Jul 15 11:32:54 2005 @@ -3,11 +3,10 @@ *) SECURITY: CAN-2005-2088 proxy: Correctly handle the Transfer-Encoding and Content-Length - headers, discard the request Content-Length whenever T-E: chunked + headers. Discard the request Content-Length whenever T-E: chunked is used, always passing one of either C-L or T-E: chunked whenever - the request includes a request body, and no longer upgrade HTTP/1.0 - requests to the origin server as HTTP/1.1. Resolves an entire class - of proxy HTTP Request Splitting/Spoofing attacks. [William Rowe] + the request includes a request body. Resolves an entire class of + proxy HTTP Request Splitting/Spoofing attacks. [William Rowe] *) Added TraceEnable [on|off|extended] per-server directive to alter the behavior of the TRACE method. This addresses a flaw in proxy 
@@ -34,19 +33,9 @@ Changes with Apache 2.1.6 - *) SECURITY: CAN-2005-2088 - core: If a request contains both Transfer-Encoding and Content-Length - headers, remove the Content-Length, mitigating some HTTP Request - Splitting/Spoofing attacks. [Paul Querna] - *) Fix htdbm password validation for records which included comments. [Eric Covener ] - *) proxy HTTP: If a response contains both Transfer-Encoding and a - Content-Length, remove the Content-Length and don't reuse the - connection, mitigating some HTTP Response Splitting attacks. - [Jeff Trawick] - *) mod_cgid: Fix buffer overflow processing ScriptSock directive. [Steve Kemp ] @@ -772,6 +761,16 @@ Apache 2.0.xx tree as documented, and except as noted, below.] Changes with Apache 2.0.55 + + *) SECURITY: CAN-2005-2088 + core: If a request contains both Transfer-Encoding and Content-Length + headers, remove the Content-Length, mitigating some HTTP Request + Splitting/Spoofing attacks. [Paul Querna, Joe Orton] + + *) proxy HTTP: If a response contains both Transfer-Encoding and a + Content-Length, remove the Content-Length and don't reuse the + connection, mitigating some HTTP Response Splitting attacks. + [Jeff Trawick] *) SECURITY: CAN-2005-1268 (cve.mitre.org) mod_ssl: Fix off-by-one overflow whilst printing CRL information
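Review bot: In the first hunk (@@ -3,11 +3,10 @@), the rewritten CAN-2005-2088 proxy entry drops the clause "and no longer upgrade HTTP/1.0 requests to the origin server as HTTP/1.1", while the log message only says that entries were backported. If trunk still behaves that way, keep the clause so the behaviour change stays documented. If that behaviour was withdrawn, say so in the log so this CHANGES edit can be matched to the code change.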
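Review bot: In the last hunk (@@ -772,6 +761,16 @@), the entries placed under "Changes with Apache 2.0.55" are not a verbatim move of the lines removed from the 2.1.6 section: the credit on the core entry changes from [Paul Querna] to [Paul Querna, Joe Orton], which the log does not mention. The proxy HTTP response entry also describes a mitigation for HTTP Response Splitting but carries no SECURITY: tag, unlike the core entry directly above it. Consider tagging it the same way so that anyone scanning CHANGES for security fixes finds both.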