git.ipfire.org Git - thirdparty/apache/httpd.git/commitdiff
CAN-2004-1834 was created in March 2004 when it was reported
author Mark J. Cox <mjc@apache.org>
Thu, 1 Sep 2005 13:33:18 +0000 (13:33 +0000)
committer Mark J. Cox <mjc@apache.org>
Thu, 1 Sep 2005 13:33:18 +0000 (13:33 +0000)
that mod_disk_cache would store these headers -- leading to a
small potential risk that you'd end up with authentication headers
on disk and visible to users (or cgi scripts or whatever).  Make
a note which commit actually ended up closing this low impact issue.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@265719 13f79535-47bb-0310-9956-ffa450edef68

CHANGES

diff --git a/CHANGES b/CHANGES
index 445e96b7b98b4e0c4f4bd86f09ab8a4df0a3cb25..323f933bfb7b98902eee0b667399bce7a0962500 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -225,7 +225,8 @@ Changes with Apache 2.0.53
      is causing a potential problem with the LDAP shared memory cache.
      PR 31431 [Graham Leggett]
 
-  *) mod_disk_cache: Do not store hop-by-hop headers.  [Justin Erenkrantz]
+  *) SECURITY: CAN-2004-1834 (cve.mitre.org)
+     mod_disk_cache: Do not store hop-by-hop headers.  [Justin Erenkrantz]
 
   *) Fix the re-linking issue when purging elements from the LDAP cache
      PR 24801.  [Jess Holle <jessh ptc.com>]
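Review bot: The added "*) SECURITY: CAN-2004-1834 (cve.mitre.org)" line tags the entry, but the text under it still reads only "Do not store hop-by-hop headers", so someone reading CHANGES alone cannot tell what was exposed or how serious it was. The commit message has that information (mod_disk_cache could leave authentication headers on disk, visible to other users or CGI scripts, low impact); a short clause to that effect in the entry would let administrators judge whether cache directories written by earlier releases need attention. The message also says the aim is to note which commit closed the issue, yet the entry carries no revision reference, only its placement under "Changes with Apache 2.0.53"; if the revision matters, add it to the entry.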