From: William A. Rowe Jr Date: Tue, 2 Mar 2010 04:47:28 +0000 (+0000) Subject: SECURITY: CVE-2010-0408 (cve.mitre.org) X-Git-Tag: 2.2.15~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fb8cd5f350df7b10fd94754c7d796fd547830c03;p=thirdparty%2Fapache%2Fhttpd.git SECURITY: CVE-2010-0408 (cve.mitre.org) mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent after request headers indicate a request body is incoming; this is not a case of HTTP_INTERNAL_SERVER_ERROR. Submitted by: Niku Toivola Reviewed by: rpluem, jim, wrowe Backports: r917875 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@917876 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index ac47bfe8a67..dbd1eb9bd50 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,11 @@ Changes with Apache 2.2.15 access control is still vulnerable, unless using OpenSSL >= 0.9.8l. [Joe Orton, Ruediger Pluem, Hartmut Keil ] + *) SECURITY: CVE-2010-0408 (cve.mitre.org) + mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent + when request headers indicate a request body is incoming; not a case of + HTTP_INTERNAL_SERVER_ERROR. [Niku Toivola ] + *) SECURITY: CVE-2010-0425 (cve.mitre.org) mod_isapi: Do not unload an isapi .dll module until the request processing is completed, avoiding orphaned callback pointers. diff --git a/modules/proxy/mod_proxy_ajp.c b/modules/proxy/mod_proxy_ajp.c index bec8912af73..fa8c41f814a 100644 --- a/modules/proxy/mod_proxy_ajp.c +++ b/modules/proxy/mod_proxy_ajp.c @@ -257,7 +257,7 @@ static int ap_proxy_ajp_request(apr_pool_t *p, request_rec *r, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, "proxy: ap_get_brigade failed"); apr_brigade_destroy(input_brigade); - return HTTP_INTERNAL_SERVER_ERROR; + return HTTP_BAD_REQUEST; } /* have something */