Skip to content
Commit 15109e4e authored by William A. Rowe Jr's avatar William A. Rowe Jr
Browse files

SECURITY: CVE-2010-1623 (cve.mitre.org)

Fix a denial of service attack against mod_reqtimeout.
[Stefan Fritsch]

mod_req-timeout/core: Backport bugfixes from trunk up to r935339:
    - Do not wrongly enforce timeouts for mod_proxy's backend
      connections and other protocol handlers (like mod_ftp).
    - Enforce the timeout for AP_MODE_GETLINE.
    - If there is a timeout, shorten the lingering close time from 30 to
      2 seconds (involves a change in the core).

Backports: r921378, r921526, r922407, r923418, r923429, r925986, r928881
           r933341, r933547, r935339, r983116, r984985&view=rev
Submitted by: sf
Reviewed by: wrowe, trawick


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1005669 13f79535-47bb-0310-9956-ffa450edef68
parent 56133a94
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment