Merge r1179239 from trunk:
SECURITY (CVE-2011-3368): Prevent unintended pattern expansion in some reverse proxy configurations by strictly validating the request-URI: * server/protocol.c (read_request_line): Send a 400 response if the request-URI does not match the grammar from RFC 2616. This ensures the input string for RewriteRule et al really is an absolute path. Reviewed by: jim, rjung, jorton git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@1180030 13f79535-47bb-0310-9956-ffa450edef68
parent
e838a014
Please register or sign in to comment