]> git.ipfire.org Git - thirdparty/apache/httpd.git/commit
projects / thirdparty / apache / httpd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2f52ae8) | patch
Merge https://svn.apache.org/r1796348 from trunk:
authorEric Covener <covener@apache.org>
Mon, 19 Jun 2017 17:01:50 +0000 (17:01 +0000)
committerEric Covener <covener@apache.org>
Mon, 19 Jun 2017 17:01:50 +0000 (17:01 +0000)
commit9c9968584e25304b94ce9f174edc51aacc03a79c
tree3ce6ead651c37519458e13e9a6f43545ec4cbd39tree
parent2f52ae84967935d11dd686a3293820674009310fcommit | diff
Merge https://svn.apache.org/r1796348 from trunk:

  *) SECURITY: CVE-2017-3167 (cve.mitre.org)
     Use of the ap_get_basic_auth_pw() by third-party modules outside of the
     authentication phase may lead to authentication requirements being
     bypassed.
     [Emmanuel Dreyfus <manu netbsd.org>, Jacob Champion, Eric Covener]

Submitted By: Emmanuel Dreyfus <manu netbsd.org>, Jacob Champion, Eric Covener
Reviewed By: covener, ylavic, wrowe

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1799232 13f79535-47bb-0310-9956-ffa450edef68
CHANGES diff | blob | blame | history
STATUS diff | blob | blame | history
include/ap_mmn.h diff | blob | blame | history
include/http_protocol.h diff | blob | blame | history
server/protocol.c diff | blob | blame | history
server/request.c diff | blob | blame | history
Mirror of https://github.com/apache/httpd.git