Mercurial Mercurial > upstream > oracle > userland-gate / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/apache2/patches/CVE-2011-3348.patch
changeset 714 b205ca9f0d84
parent 713 49ef3f4a3990
child 715 eed3ed08f692 
--- a/components/apache2/patches/CVE-2011-3348.patch	Wed Feb 29 11:01:07 2012 -0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,19 +0,0 @@
-  *) SECURITY: CVE-2011-3348 (cve.mitre.org)
-     mod_proxy_ajp: Respond with HTTP_NOT_IMPLEMENTED when the method is not
-     recognized.  [Jean-Frederic Clere]
-
-http://svn.apache.org/viewvc?view=revision&sortby=date&revision=1167158
-
---- modules/proxy/mod_proxy_ajp.c	2011/09/09 13:30:49	1167157
-+++ modules/proxy/mod_proxy_ajp.c	2011/09/09 13:31:06	1167158
-@@ -214,7 +214,9 @@
-                      conn->worker->hostname);
-         if (status == AJP_EOVERFLOW)
-             return HTTP_BAD_REQUEST;
--        else {
-+        else if  (status == AJP_EBAD_METHOD) {
-+            return HTTP_NOT_IMPLEMENTED;
-+        } else {
-             /*
-              * This is only non fatal when the method is idempotent. In this
-              * case we can dare to retry it with a different worker if we are
upstream/oracle/userland-gate