RELEASE SHOWSTOPPERS:
- *) SECURITY: CVE-2007-6388 (cve.mitre.org)
- mod_status: Ensure refresh parameter is numeric to prevent
- a possible XSS attack caused by redirecting to other URLs.
- Reported by SecurityReason. [Mark Cox]
- Trunk version of patch:
- http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_status.c?r1=590641&r2=607873
- 1.3 version of patch attached to:
- http://mail-archives.apache.org/mod_mbox/httpd-dev/200801.mbox/%3c47813C93.4020507@apache.org%3e
- +1: sctemme (with fuankg's change of default refresh time to 10 seconds in r607873), rpluem (as well +1 to secs), fuankg
-
PROPOSED PATCHES FOR THIS RELEASE:
*) mod_rewrite on Win32: change the mutex mechanism for RewriteLog
Changes with Apache 1.3.41
+ *) SECURITY: CVE-2007-6388 (cve.mitre.org)
+ mod_status: Ensure refresh parameter is numeric to prevent
+ a possible XSS attack caused by redirecting to other URLs.
+ Reported by SecurityReason. [Mark Cox]
Changes with Apache 1.3.40
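Review bot: the CHANGES entry should also record the behaviour change that comes with this fix, since the code now substitutes a 10-second refresh when the supplied value is missing, non-numeric or below 1, where the previous code fell back to "1". Users who relied on `?refresh` with no value getting a 1-second interval will see a different result, so a short clause such as "invalid or missing values now default to 10 seconds" belongs in this entry; the mitigation itself (only a formatted integer is ever placed in the Refresh header) could also be stated more precisely than "ensure refresh parameter is numeric".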
while (status_options[i].id != STAT_OPT_END) {
if ((loc = strstr(r->args, status_options[i].form_data_str)) != NULL) {
switch (status_options[i].id) {
- case STAT_OPT_REFRESH:
- if (*(loc + strlen(status_options[i].form_data_str)) == '='
- && atol(loc + strlen(status_options[i].form_data_str)
- + 1) > 0)
- ap_table_set(r->headers_out,
- status_options[i].hdr_out_str,
- loc + strlen(status_options[i].hdr_out_str) + 1);
- else
- ap_table_set(r->headers_out,
- status_options[i].hdr_out_str, "1");
- break;
+ case STAT_OPT_REFRESH: {
+ long refreshtime = 0;
+ if (*(loc + strlen(status_options[i].form_data_str)) == '=')
+ refreshtime = atol(loc + strlen(status_options[i].form_data_str)+1);
+ ap_table_set(r->headers_out,
+ status_options[i].hdr_out_str,
+ ap_psprintf(r->pool,"%ld",(refreshtime<1)?10:refreshtime));
+ break;
+ }
case STAT_OPT_NOTABLE:
no_table_report = 1;
break;
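Review bot: the replacement `case STAT_OPT_REFRESH` block closes the header injection correctly, but `atol` has undefined behaviour on out-of-range input, so `strtol` with an `errno`/range check (clamping to the 10-second default on overflow, as is already done for `refreshtime<1`) would be the safer choice. The old code copied `loc + strlen(status_options[i].hdr_out_str) + 1` straight into the outgoing header, i.e. an attacker-controlled tail of the query string (and, because the offset used the length of `hdr_out_str` rather than `form_data_str`, not even a consistently positioned one); the new code only ever emits the result of `ap_psprintf(r->pool, "%ld", ...)`, which is the right shape for the fix. Note that `atol` stops at the first non-digit, so `refresh=5;url=...` still yields 5 rather than being rejected; that is acceptable here because nothing after the digits is ever copied out, but it is worth a comment in the code so a future change does not reintroduce the raw copy.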