List: oss-security
Subject: [oss-security] CVE-2011-3368 suggested patch incomplete for apache2 < 2.2.18
From: Marcus Meissner <meissner () suse ! de>
Date: 2011-10-26 16:02:00
Message-ID: 20111026160159.GA29335 () suse ! de
Hi,
During our QA we noticed that the mod_proxy fix for CVE-2011-3368
was incomplete for HTTP 0.9 style requests.
https://bugzilla.novell.com/show_bug.cgi?id=722545
To cross-check, with the RewriteRules set up as in the exploit:
$ telnet testhost 80
GET @www.otherhost/foo.png
... should give a 400 error, and not the 404 code from www.otherhost
Ciao, Marcus
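
The cross-check described in the message above, scripted as a regression test for a server you administer. This is an added example, not part of the original post or of any Apache code. The function names and the sample replies are constructed, and it assumes that a reply to an HTTP/0.9 request has no status line, so the status is read from a default-style error document title.

```python
import re
import socket
import sys

# Request line from the message: HTTP/0.9 style, no protocol version, no headers.
PROBE = b"GET @www.otherhost/foo.png\r\n"

def classify(raw: bytes) -> str:
    """'rejected' if the reply is a 400, 'not-rejected' for any other status,
    'unknown' if no status can be recovered from the reply."""
    text = raw.decode("latin-1", "replace")
    # HTTP/1.x style reply: the status code is on the first line.
    m = re.match(r"HTTP/\d\.\d (\d{3})", text)
    if not m:
        # HTTP/0.9 style reply: body only. Assumption: the body is an error
        # document carrying "<title>NNN Reason</title>".
        m = re.search(r"<title>\s*(\d{3})\b", text, re.I)
    if not m:
        return "unknown"
    return "rejected" if m.group(1) == "400" else "not-rejected"

def probe(host: str, port: int = 80, timeout: float = 5.0) -> str:
    """Send PROBE to host:port, read until close or timeout, classify the reply."""
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(PROBE)
        try:
            while True:
                data = s.recv(4096)
                if not data:
                    break
                chunks.append(data)
        except socket.timeout:
            pass  # server kept the connection open; use what arrived
    return classify(b"".join(chunks))

# Constructed sample replies (not captured from a real server).
SAMPLE_400 = b"<html><head>\n<title>400 Bad Request</title>\n</head></html>\n"
SAMPLE_404 = b"<html><head>\n<title>404 Not Found</title>\n</head></html>\n"

if __name__ == "__main__":
    if len(sys.argv) > 1:
        verdict = probe(sys.argv[1])      # e.g. the "testhost" of the message
    else:
        verdict = classify(SAMPLE_400)    # offline demo on constructed data
    print(verdict)
    sys.exit(0 if verdict == "rejected" else 1)
```

A non-zero exit status means the reply was not a 400, which is the condition the message reports for the incomplete patch.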