--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/apache2/patches/CVE-2011-3348.patch Fri Sep 23 06:10:48 2011 -0700
@@ -0,0 +1,19 @@
+ *) SECURITY: CVE-2011-3348 (cve.mitre.org)
+ mod_proxy_ajp: Respond with HTTP_NOT_IMPLEMENTED when the method is not
+ recognized. [Jean-Frederic Clere]
+
+http://svn.apache.org/viewvc?view=revision&sortby=date&revision=1167158
+
+--- modules/proxy/mod_proxy_ajp.c 2011/09/09 13:30:49 1167157
++++ modules/proxy/mod_proxy_ajp.c 2011/09/09 13:31:06 1167158
+@@ -214,7 +214,9 @@
+ conn->worker->hostname);
+ if (status == AJP_EOVERFLOW)
+ return HTTP_BAD_REQUEST;
+- else {
++ else if (status == AJP_EBAD_METHOD) {
++ return HTTP_NOT_IMPLEMENTED;
++ } else {
+ /*
+ * This is only non fatal when the method is idempotent. In this
+ * case we can dare to retry it with a different worker if we are