Merge https://svn.apache.org/r1796348 from trunk: (7103baa2) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP Apache Httpd

Commit 7103baa2 authored Jun 19, 2017 by

Eric Covener

Merge https://svn.apache.org/r1796348 from trunk:

  *) SECURITY: CVE-2017-3167 (cve.mitre.org)
     Use of the ap_get_basic_auth_pw() by third-party modules outside of the
     authentication phase may lead to authentication requirements being
     bypassed.
     [Emmanuel Dreyfus <manu netbsd.org>, Jacob Champion, Eric Covener]


Submitted By: Emmanuel Dreyfus <manu netbsd.org>, Jacob Champion, Eric Covener
Reviewed By: covener, ylavic, wrowe



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1799232 13f79535-47bb-0310-9956-ffa450edef68

parent 3fdeae4d

Hide whitespace changes

Inline Side-by-side

Please register or to comment