]> git.ipfire.org Git - thirdparty/apache/httpd.git/commit
projects / thirdparty / apache / httpd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4bbf050) | patch
backport r1610501 from trunk:
authorEric Covener <covener@apache.org>
Mon, 14 Jul 2014 20:01:30 +0000 (20:01 +0000)
committerEric Covener <covener@apache.org>
Mon, 14 Jul 2014 20:01:30 +0000 (20:01 +0000)
commit2a8f1c4307e3df22fbd05fc0aa3846bd896fef45
treefc1fc7e647a0cc930e62ba134f05e78f4e91ead2tree | snapshot
parent4bbf0508ea33b0a295f49e11810f6c6d13ba7b47commit | diff
backport r1610501 from trunk:

      *) SECURITY: CVE-2014-0118 (cve.mitre.org)
         mod_deflate: The DEFLATE input filter (inflates request bodies) now
         limits the length and compression ratio of inflated request bodies to avoid
         denial of sevice via highly compressed bodies.  See directives
         DeflateInflateLimitRequestBody, DeflateInflateRatioLimit,
         and DeflateInflateRatioBurst.

    Thanks to Giancarlo Pellegrino and Davide Balzarotti for reporting the issue.

Submitted By: ylavic, covener
Reviewed By: jorton, covener, jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1610503 13f79535-47bb-0310-9956-ffa450edef68
CHANGES diff | blob | blame | history
docs/manual/mod/mod_deflate.xml diff | blob | blame | history
modules/filters/mod_deflate.c diff | blob | blame | history
Mirror of https://github.com/apache/httpd.git