Mercurial Mercurial > upstream > oracle > userland-gate / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/apache2/patches/CVE-2011-3348.patch
branchs11-sru
changeset 2249 9c4f7d7572dd
parent 2248 c2beb07524a9
child 2250 e145454a43d2 
--- a/components/apache2/patches/CVE-2011-3348.patch	Tue Mar 06 10:46:23 2012 -0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,19 +0,0 @@
-  *) SECURITY: CVE-2011-3348 (cve.mitre.org)
-     mod_proxy_ajp: Respond with HTTP_NOT_IMPLEMENTED when the method is not
-     recognized.  [Jean-Frederic Clere]
-
-http://svn.apache.org/viewvc?view=revision&sortby=date&revision=1167158
-
---- modules/proxy/mod_proxy_ajp.c	2011/09/09 13:30:49	1167157
-+++ modules/proxy/mod_proxy_ajp.c	2011/09/09 13:31:06	1167158
-@@ -214,7 +214,9 @@
-                      conn->worker->hostname);
-         if (status == AJP_EOVERFLOW)
-             return HTTP_BAD_REQUEST;
--        else {
-+        else if  (status == AJP_EBAD_METHOD) {
-+            return HTTP_NOT_IMPLEMENTED;
-+        } else {
-             /*
-              * This is only non fatal when the method is idempotent. In this
-              * case we can dare to retry it with a different worker if we are
upstream/oracle/userland-gate