Skip to content
Commit d239e981 authored by Joe Orton's avatar Joe Orton
Browse files

Merge r1179239 from trunk:

SECURITY (CVE-2011-3368): Prevent unintended pattern expansion in some
reverse proxy configurations by strictly validating the request-URI:

* server/protocol.c (read_request_line): Send a 400 response if the
  request-URI does not match the grammar from RFC 2616.  This ensures
  the input string for RewriteRule et al really is an absolute path.

Reviewed by: jim, covener, rjung


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1179525 13f79535-47bb-0310-9956-ffa450edef68
parent 12e5e42f
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment