7092986 Problem with utility/apache build-175
authorPetr Sumbera <petr.sumbera@oracle.com>
Fri, 23 Sep 2011 06:10:48 -0700
changeset 525 72e5516d37ad
parent 524 5dc312917358
child 526 5c168675440c
7092986 Problem with utility/apache
components/apache2/patches/CVE-2011-3348.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/apache2/patches/CVE-2011-3348.patch	Fri Sep 23 06:10:48 2011 -0700
@@ -0,0 +1,19 @@
+  *) SECURITY: CVE-2011-3348 (cve.mitre.org)
+     mod_proxy_ajp: Respond with HTTP_NOT_IMPLEMENTED when the method is not
+     recognized.  [Jean-Frederic Clere]
+
+http://svn.apache.org/viewvc?view=revision&sortby=date&revision=1167158
+
+--- modules/proxy/mod_proxy_ajp.c	2011/09/09 13:30:49	1167157
++++ modules/proxy/mod_proxy_ajp.c	2011/09/09 13:31:06	1167158
+@@ -214,7 +214,9 @@
+                      conn->worker->hostname);
+         if (status == AJP_EOVERFLOW)
+             return HTTP_BAD_REQUEST;
+-        else {
++        else if  (status == AJP_EBAD_METHOD) {
++            return HTTP_NOT_IMPLEMENTED;
++        } else {
+             /*
+              * This is only non fatal when the method is idempotent. In this
+              * case we can dare to retry it with a different worker if we are
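Review bot: The new `AJP_EBAD_METHOD` branch and the patch header say only that 501 is returned, not why this is a security fix: judging from the comment in the following `else`, an unrecognized method previously fell into the backend-failure/retry path, so a client-side error was apparently handled as a worker fault. I would record that in the patch header rather than editing the upstream hunk, e.g. `Unrecognized methods are a client error and must not reach the worker retry/error handling.` `AJP_EBAD_METHOD` is not defined anywhere in the visible lines, so confirm the bundled source's AJP headers already provide it before relying on this one-file backport. The enclosing error-handling block starts and ends outside the hunk, so whether the early return skips any connection cleanup cannot be checked from here.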