https://issues.apache.org/bugzilla/show_bug.cgi?id=40953
Edward Z. Yang <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #6 from Edward Z. Yang <[email protected]> 2009-02-18 13:49:04 PST --- We've run into this "feature enhancement request" recently. It's actually a more specific example of the fact that Apache doesn't sanity check Status Code/Content-Length headers that scripts send back. For example, I can take advantage of this to make a CGI script send two HTTP responses back to a user, when Keep-Alive is on and a single connection is used: PoC: https://scripts.mit.edu/~apo/mitchtest/304.py Code: http://mit.edu/~mitchb/Public/304.py If the PoC works (it occasionally fails, if that happens, try again), it will redirect you to https://scripts.mit.edu/~geofft but will display "Injected Content", which was the second HTTP request sent. There is also a relevant Firefox bug: https://bugzilla.mozilla.org/show_bug.cgi?id=363109#c12 It would be very nice to see this fixed. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
