Fix for additional cases of URL rewriting with ProxyPassMatch or
RewriteRule, where particular request-URIs could result in undesired
backend network exposure in some configurations. (CVE-2011-4317)
Thanks to Prutha Parikh from Qualys for reporting this issue.
* modules/proxy/mod_proxy.c (proxy_trans): Decline to handle the "*"
request-URI. Fail for cases where r->uri does not begin with a "/".
* modules/mappers/mod_rewrite.c (hook_uri2file): Likewise.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@
1209432 13f79535-47bb-0310-9956-
ffa450edef68
projects / apache / commit