httpd-dev mailing list archives

From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: svn commit: r209854 - /httpd/httpd/trunk/CHANGES
Date Fri, 08 Jul 2005 18:33:23 GMT
Please don't remove that altogether.

The proper name of the entire class of vulnerabilities (of which
Splitting and Spoofing are a subset) is HTTP Response Splitting.

At 01:16 PM 7/8/2005, jorton@apache.org wrote:
>Author: jorton
>Date: Fri Jul  8 11:16:49 2005
>New Revision: 209854
>
>URL: http://svn.apache.org/viewcvs?rev=209854&view=rev
>Log:
>Don't talk about request smuggling in the response handling fix.
>
>Modified:
>    httpd/httpd/trunk/CHANGES
>
>Modified: httpd/httpd/trunk/CHANGES
>URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/CHANGES?rev=209854&r1=209853&r2=209854&view=diff
>==============================================================================
>--- httpd/httpd/trunk/CHANGES (original)
>+++ httpd/httpd/trunk/CHANGES Fri Jul  8 11:16:49 2005
>@@ -30,8 +30,7 @@
> 
>   *) proxy HTTP: If a response contains both Transfer-Encoding and a 
>      Content-Length, remove the Content-Length and don't reuse the
>-     connection, stopping some HTTP Request smuggling attacks.
>-     [Jeff Trawick]
>+     connection.  [Jeff Trawick]
> 
>   *) mod_cgid: Fix buffer overflow processing ScriptSock directive.
>      [Steve Kemp <steve steve.org.uk>]
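
Review bot: The shortened entry ending in "connection.  [Jeff Trawick]" no longer gives any reason why the Content-Length is removed or why the connection is not reused, so a reader of CHANGES cannot tell that this proxy change is security relevant. Rather than deleting the clause outright, replace "stopping some HTTP Request smuggling attacks" with a short rationale that uses whichever name for the vulnerability class the list agrees on.
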
>@@ -122,7 +121,7 @@
>   
>   *) mod_deflate: Merge the Vary header, isntead of Setting it. Fixes
>      applications that send the Vary Header themselves, and also apply 
>-     mod_defalte as an output filter. [Paul Querna]
>+     mod_deflate as an output filter. [Paul Querna]
> 
>   *) Change the default (when not present in the config file) setting
>      for UseCanonicalName to Off.
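
Review bot: The typo fix stops one line short: the context line "mod_deflate: Merge the Vary header, isntead of Setting it." still carries "isntead", and the entry mixes "Vary header" with "Vary Header" and capitalises "Setting" mid-sentence. Correct those in the same entry, and mention the spelling cleanup in the log message, which currently describes only the request smuggling wording change.
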


