Skip to content
Commit 11070515 authored by Joe Orton's avatar Joe Orton
Browse files

Merge r1179239 from trunk:

SECURITY (CVE-2011-3368): Prevent unintended pattern expansion in some
reverse proxy configurations by strictly validating the request-URI:

* server/protocol.c (read_request_line): Send a 400 response if the
  request-URI does not match the grammar from RFC 2616.  This ensures
  the input string for RewriteRule et al really is an absolute path.

Reviewed by: jim, rjung, jorton


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@1180030 13f79535-47bb-0310-9956-ffa450edef68
parent e838a014
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment