components/apache2/patches/CVE-2011-3348.patch
changeset 525 72e5516d37ad
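--- a/components/apache2/patches/CVE-2011-3348.patch
+++ b/components/apache2/patches/CVE-2011-3348.patch
@@ -0,0 +1,19 @@
+  *) SECURITY: CVE-2011-3348 (cve.mitre.org)
+     mod_proxy_ajp: Respond with HTTP_NOT_IMPLEMENTED when the method is not
+     recognized.  [Jean-Frederic Clere]
+
+http://svn.apache.org/viewvc?view=revision&sortby=date&revision=1167158
+
+--- modules/proxy/mod_proxy_ajp.c	2011/09/09 13:30:49	1167157
++++ modules/proxy/mod_proxy_ajp.c	2011/09/09 13:31:06	1167158
+@@ -214,7 +214,9 @@
+                      conn->worker->hostname);
+         if (status == AJP_EOVERFLOW)
+             return HTTP_BAD_REQUEST;
+-        else {
++        else if  (status == AJP_EBAD_METHOD) {
++            return HTTP_NOT_IMPLEMENTED;
++        } else {
+             /*
+              * This is only non fatal when the method is idempotent. In this
+              * case we can dare to retry it with a different worker if we are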
    19               * case we can dare to retry it with a different worker if we are