equal
deleted
inserted
replaced
|
1 *) SECURITY: CVE-2011-3348 (cve.mitre.org) |
|
2 mod_proxy_ajp: Respond with HTTP_NOT_IMPLEMENTED when the method is not |
|
3 recognized. [Jean-Frederic Clere] |
|
4 |
|
5 http://svn.apache.org/viewvc?view=revision&sortby=date&revision=1167158 |
|
6 |
|
7 --- modules/proxy/mod_proxy_ajp.c 2011/09/09 13:30:49 1167157 |
|
8 +++ modules/proxy/mod_proxy_ajp.c 2011/09/09 13:31:06 1167158 |
|
9 @@ -214,7 +214,9 @@ |
|
10 conn->worker->hostname); |
|
11 if (status == AJP_EOVERFLOW) |
|
12 return HTTP_BAD_REQUEST; |
|
13 - else { |
|
14 + else if (status == AJP_EBAD_METHOD) { |
|
15 + return HTTP_NOT_IMPLEMENTED; |
|
16 + } else { |
|
17 /* |
|
18 * This is only non fatal when the method is idempotent. In this |
|
19 * case we can dare to retry it with a different worker if we are |