DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=40029>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=40029 [EMAIL PROTECTED] changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |INVALID ------- Additional Comments From [EMAIL PROTECTED] 2006-07-12 15:32 ------- (In reply to comment #0) > ssldump on the Apache 2.2.2 machine shows that the RPC_OUT_DATA is correctly > forwarded to the Exchange server. For the RPC_IN_DATA, OTOH, the proxy > doesn't > even open a connection to the Exchange server. I can only guess that's it's > trying to read (prefetch?) a part or all of the 1073741824 bytes > (Content-Length) before opening the session to the Exchange server. Correct, we prefetch the whole body to avoid HTTP smuggling attacks with invalid Content-Length headers. This is a security fix in 2.2.x and >= 2.0.55. (see http://httpd.apache.org/security/vulnerabilities_20.html and http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2088). Correct me if I am wrong but I do not think that RPC_IN_DATA and RPC_OUT_DATA are specfied in any RFC. > > Unfortunately, the client only sends a small request (~ 100 bytes) on the IN > connection and starts waiting for a response on the OUT connection. It never > gets one, though, since the request hasn't reached the Exchange server yet. This is an incorrect use of the http protocol. Bad luck for Microsoft. So I do not see any chance that we can do anything here. => Invalid -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
