]> granicus.if.org Git - apache/commit
projects / apache / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3b36579) | patch
*) SECURITY: CVE-2013-5704 (cve.mitre.org)
authorEric Covener <covener@apache.org>
Tue, 15 Jul 2014 19:11:02 +0000 (19:11 +0000)
committerEric Covener <covener@apache.org>
Tue, 15 Jul 2014 19:11:02 +0000 (19:11 +0000)
commit8cc5e00f9ead2e8f915a567aeb756c5cca357188
tree5b292decc6fc8f4f63a9c45144352dc370fd7888tree | snapshot
parent3b365793c19aff95d1cf9bbea19f138752264d12commit | diff
  *) SECURITY: CVE-2013-5704 (cve.mitre.org)
     core: HTTP trailers could be used to replace HTTP headers
     late during request processing, potentially undoing or
     otherwise confusing modules that examined or modified
     request headers earlier.  Adds "MergeTrailers" directive to restore
     legacy behavior.

Submitted By: Edward Lu, Yann Ylavic, Joe Orton, Eric Covener
Committed By: covener

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1610814 13f79535-47bb-0310-9956-ffa450edef68
12 files changed:
CHANGES diff | blob | history
docs/manual/mod/core.xml diff | blob | history
docs/manual/mod/mod_log_config.xml diff | blob | history
include/ap_mmn.h diff | blob | history
include/http_core.h diff | blob | history
include/httpd.h diff | blob | history
modules/http/http_filters.c diff | blob | history
modules/http/http_request.c diff | blob | history
modules/loggers/mod_log_config.c diff | blob | history
modules/proxy/mod_proxy_http.c diff | blob | history
server/core.c diff | blob | history
server/protocol.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.