CVE-2010-1452: Fix handling of missing path segments in the parsed URI structure. (da187a4b) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP Apache Httpd

Commit da187a4b authored Jul 21, 2010 by

Paul Querna

CVE-2010-1452: Fix handling of missing path segments in the parsed URI structure.

If a specially crafted request was sent, it is possible to crash mod_dav, 
mod_cache or mod_session, as they accessed a field that is set to NULL
by the URI parser, assuming that it always put in a valid string.

PR: 49246
Submitted by: Mark Drayton
Patch by: Jeff Trawick


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@966348 13f79535-47bb-0310-9956-ffa450edef68

parent 74c25cb2

Hide whitespace changes

Inline Side-by-side

Please register or to comment