git.ipfire.org Git - thirdparty/apache/httpd.git/commit
Merge r1209432 from trunk:
author Joe Orton <jorton@apache.org>
Fri, 2 Dec 2011 12:12:24 +0000 (12:12 +0000)
committer Joe Orton <jorton@apache.org>
Fri, 2 Dec 2011 12:12:24 +0000 (12:12 +0000)
commit 5e49a2a02b743004fa4de9ef755bd9e8b5c6d8ff
tree d8e4d8ade4e2cd177106b74ba07ec1ae53386d37
parent 7b9dce34cfaa5cf5e0febd90b05a545f90217c9e
Merge r1209432 from trunk:

Fix for additional cases of URL rewriting with ProxyPassMatch or
RewriteRule, where particular request-URIs could result in undesired
backend network exposure in some configurations. (CVE-2011-4317)

Thanks to Prutha Parikh from Qualys for reporting this issue.

* modules/proxy/mod_proxy.c (proxy_trans): Decline to handle the "*"
  request-URI.  Fail for cases where r->uri does not begin with a "/".

* modules/mappers/mod_rewrite.c (hook_uri2file): Likewise.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1209436 13f79535-47bb-0310-9956-ffa450edef68
modules/mappers/mod_rewrite.c
modules/proxy/mod_proxy.c
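
The two checks named in the commit message, placed ahead of a URL mapping step, as an added example that is not httpd's code or the patch itself. The function name, the result codes and the backend URL are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes for this sketch; not httpd's constants. */
enum xlate_result { XLATE_OK, XLATE_DECLINED, XLATE_BAD_REQUEST };

/*
 * Map a request-URI onto a backend base URL, applying the two checks
 * from the commit message before any string substitution happens.
 */
enum xlate_result translate_uri(const char *unparsed_uri, const char *uri,
                                const char *backend_base,
                                char *out, size_t outlen)
{
    int n;

    if (outlen > 0)
        out[0] = '\0';

    /* "*" (as in "OPTIONS * HTTP/1.1") names no resource: decline. */
    if (unparsed_uri != NULL && strcmp(unparsed_uri, "*") == 0)
        return XLATE_DECLINED;

    /* Only an absolute path may reach the mapping step. */
    if (uri == NULL || uri[0] != '/')
        return XLATE_BAD_REQUEST;

    n = snprintf(out, outlen, "%s%s", backend_base, uri);
    if (n < 0 || (size_t)n >= outlen) {
        if (outlen > 0)
            out[0] = '\0';
        return XLATE_BAD_REQUEST;      /* refuse a truncated target */
    }
    return XLATE_OK;
}

int main(void)
{
    /* Constructed sample inputs; backend.example is a placeholder. */
    const char *samples[] = { "*", "/app/index.html", "app/index.html" };
    char target[128];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = translate_uri(samples[i], samples[i],
                               "http://backend.example", target, sizeof target);
        printf("%-18s -> rc=%d target=\"%s\"\n", samples[i], rc, target);
    }
    return 0;
}
```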