httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject HTTP Spoofing
Date Fri, 01 Jul 2005 04:23:29 GMT
1.3 proxy doesn't accept T-E:chunked request bodies.

1.3 proxy doesn't perform keep-alives against a backend.

I think we are safe, but additional opinions are welcome.

Bill

At 02:18 PM 6/30/2005, Mark J Cox wrote:
>> I'm obtaining a CVE name for this issue -- (as the issue is already public 
>> it requires co-ordination with Mitre)
>
>CAN-2005-2088
>
>Has anyone looked to make sure this doesn't apply to later 1.3 releases?  
>
>Cheers,
>Mark



Mime
View raw message