--- a/components/apache2/patches/CVE-2011-3348.patch Tue Mar 06 10:46:23 2012 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,19 +0,0 @@
- *) SECURITY: CVE-2011-3348 (cve.mitre.org)
- mod_proxy_ajp: Respond with HTTP_NOT_IMPLEMENTED when the method is not
- recognized. [Jean-Frederic Clere]
-
-http://svn.apache.org/viewvc?view=revision&sortby=date&revision=1167158
-
---- modules/proxy/mod_proxy_ajp.c 2011/09/09 13:30:49 1167157
-+++ modules/proxy/mod_proxy_ajp.c 2011/09/09 13:31:06 1167158
-@@ -214,7 +214,9 @@
- conn->worker->hostname);
- if (status == AJP_EOVERFLOW)
- return HTTP_BAD_REQUEST;
-- else {
-+ else if (status == AJP_EBAD_METHOD) {
-+ return HTTP_NOT_IMPLEMENTED;
-+ } else {
- /*
- * This is only non fatal when the method is idempotent. In this
- * case we can dare to retry it with a different worker if we are