Commit 7b6ac14c authored by Jeff Trawick's avatar Jeff Trawick
Browse files

propose patch for CVE-2012-0031 on 2.0.x (older patch wouldn't quite apply) 


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@1237152 13f79535-47bb-0310-9956-ffa450edef68
parent ca03adae

STATUS

+4 −0
Original line number Diff line number Diff line
@@ -150,6 +150,10 @@ RELEASE SHOWSTOPPERS: 
     could cause the parent to crash at shutdown rather than terminate 

     cleanly.  [Joe Orton]



     r1231058 on 2.0.x:

       http://people.apache.org/~trawick/2.0-CVE-2012-0031-r1231058.patch

     +1: trawick



  *) SECURITY: CVE-2012-0053 (cve.mitre.org)

     Fix an issue in error responses that could expose "httpOnly" cookies

     when no custom ErrorDocument is specified for status code 400.