]> granicus.if.org Git - apache/commit
projects / apache / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a0403e8) | patch
SECURITY: CVE-2017-3167 (cve.mitre.org)
authorJim Jagielski <jim@apache.org>
Tue, 30 May 2017 12:27:41 +0000 (12:27 +0000)
committerJim Jagielski <jim@apache.org>
Tue, 30 May 2017 12:27:41 +0000 (12:27 +0000)
commit78b86cd7aab0413e8d471370c891507243eccc13
treeb9545b97e99862773b562867e79cf40cb8aaa8d3tree | snapshot
parenta0403e8220676ecc1272bb02b0aa99e8992b8ec9commit | diff
SECURITY: CVE-2017-3167 (cve.mitre.org)
Use of the ap_get_basic_auth_pw() by third-party modules outside of the
authentication phase may lead to authentication requirements being
bypassed.

Merge r1796348 from trunk:

core: Deprecate ap_get_basic_auth_pw() and add ap_get_basic_auth_components().

Submitted By: Emmanuel Dreyfus <manu netbsd.org>, jchampion, coverner
Reviewed by: covener, ylavic, jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1796855 13f79535-47bb-0310-9956-ffa450edef68
CHANGES diff | blob | history
STATUS diff | blob | history
include/ap_mmn.h diff | blob | history
include/http_protocol.h diff | blob | history
server/protocol.c diff | blob | history
server/request.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.