SECURITY: CVE-2010-1623 (cve.mitre.org)
Fix a denial of service attack against mod_reqtimeout. [Stefan Fritsch] mod_req-timeout/core: Backport bugfixes from trunk up to r935339: - Do not wrongly enforce timeouts for mod_proxy's backend connections and other protocol handlers (like mod_ftp). - Enforce the timeout for AP_MODE_GETLINE. - If there is a timeout, shorten the lingering close time from 30 to 2 seconds (involves a change in the core). Backports: r921378, r921526, r922407, r923418, r923429, r925986, r928881 r933341, r933547, r935339, r983116, r984985&view=rev Submitted by: sf Reviewed by: wrowe, trawick git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1005669 13f79535-47bb-0310-9956-ffa450edef68
parent
56133a94
Please register or sign in to comment