]> git.ipfire.org Git - thirdparty/apache/httpd.git/commit
projects / thirdparty / apache / httpd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b472367) | patch
*) SECURITY: CVE-2014-0118 (cve.mitre.org)
authorEric Covener <covener@apache.org>
Mon, 14 Jul 2014 19:56:15 +0000 (19:56 +0000)
committerEric Covener <covener@apache.org>
Mon, 14 Jul 2014 19:56:15 +0000 (19:56 +0000)
commit2bcaded2f641a7444bc7519c96919bdacec86850
tree78580a0e03e066a48eb1d2a6284ec9000a7b13d9tree
parentb47236794b0209190934d019cab39c41e6e4c52bcommit | diff
  *) SECURITY: CVE-2014-0118 (cve.mitre.org)
     mod_deflate: The DEFLATE input filter (inflates request bodies) now
     limits the length and compression ratio of inflated request bodies to avoid
     denial of sevice via highly compressed bodies.  See directives
     DeflateInflateLimitRequestBody, DeflateInflateRatioLimit,
     and DeflateInflateRatioBurst.

Thanks to Giancarlo Pellegrino and Davide Balzarotti for reporting the issue.

Submitted By: ylavic, covener
Reviewed By: jorton, covener, jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1610501 13f79535-47bb-0310-9956-ffa450edef68
docs/manual/mod/mod_deflate.xml diff | blob | blame | history
modules/filters/mod_deflate.c diff | blob | blame | history
Mirror of https://github.com/apache/httpd.git