git.ipfire.org Git - thirdparty/apache/httpd.git/commitdiff
unmangle the example config for CVE-2023-2569
author Roy T. Fielding <fielding@apache.org>
Tue, 7 Mar 2023 17:37:10 +0000 (17:37 +0000)
committer Roy T. Fielding <fielding@apache.org>
Tue, 7 Mar 2023 17:37:10 +0000 (17:37 +0000)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1908165 13f79535-47bb-0310-9956-ffa450edef68

CHANGES

diff --git a/CHANGES b/CHANGES
index db8f0443eaed8a2676ff5d6a52ec59a4d6afbbf5..a4a26fdb44371e8f818f27bf11f535d7b68ecafa 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -17,18 +17,13 @@ Changes with Apache 2.4.56
      Some mod_proxy configurations on Apache HTTP Server versions
      2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.
      Configurations are affected when mod_proxy is enabled along with
-     some form of RewriteRule
-     or ProxyPassMatch in which a non-specific pattern matches
-     some portion of the user-supplied request-target (URL) data and
-     is then
-     re-inserted into the proxied request-target using variable
-     substitution. For example, something like:
-     RewriteEngine on
-     RewriteRule "^/here/(.*)" "
-     http://example.com:8080/elsewhere?$1"
-     http://example.com:8080/elsewhere ; [P]
-     ProxyPassReverse /here/  http://example.com:8080/
-     http://example.com:8080/
+     some form of RewriteRule or ProxyPassMatch in which a non-specific
+     pattern matches some portion of the user-supplied request-target (URL)
+     data and is then re-inserted into the proxied request-target
+     using variable substitution. For example, something like:
+        RewriteEngine on
+        RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P]
+        ProxyPassReverse /here/  http://example.com:8080/
      Request splitting/smuggling could result in bypass of access
      controls in the proxy server, proxying unintended URLs to
      existing origin servers, and cache poisoning.
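
Review bot: The added RewriteRule line still has a stray semicolon between the closing quote of the substitution and the [P] flag (`"http://example.com:8080/elsewhere?$1"; [P]`), which looks like a remnant of the mangled text on the removed `http://example.com:8080/elsewhere ; [P]` line. Readers tend to copy this example when checking their own configuration against the advisory, so it should parse as a real directive: `RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1" [P]`. The double space in `ProxyPassReverse /here/  http://example.com:8080/` could be collapsed in the same pass.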