From: William A. Rowe Jr Date: Tue, 2 Mar 2010 04:46:13 +0000 (+0000) Subject: SECURITY: CVE-2010-0408 (cve.mitre.org) X-Git-Tag: 2.3.6~421 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=29525f5d2c0514611cb8c5b616fd88d6fc0ce6a0;p=thirdparty%2Fapache%2Fhttpd.git SECURITY: CVE-2010-0408 (cve.mitre.org) mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent after request headers indicate a request body is incoming; this is not a case of HTTP_INTERNAL_SERVER_ERROR. Submitted by: Niku Toivola Reviewed by: rpluem, jim, wrowe git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@917875 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/modules/proxy/mod_proxy_ajp.c b/modules/proxy/mod_proxy_ajp.c index 635ba32a891..0f5674cbec3 100644 --- a/modules/proxy/mod_proxy_ajp.c +++ b/modules/proxy/mod_proxy_ajp.c @@ -257,7 +257,7 @@ static int ap_proxy_ajp_request(apr_pool_t *p, request_rec *r, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, "proxy: ap_get_brigade failed"); apr_brigade_destroy(input_brigade); - return HTTP_INTERNAL_SERVER_ERROR; + return HTTP_BAD_REQUEST; } /* have something */