https://issues.apache.org/bugzilla/show_bug.cgi?id=52774
--- Comment #7 from Petr Sumbera <[email protected]> 2012-04-05 15:30:21 UTC --- Created attachment 28547 --> https://issues.apache.org/bugzilla/attachment.cgi?id=28547 Example of possible fix. In original fix for CVE-2011-3368 there was following note: >From RFC - /* RFC 2616: * Request-URI = "*" | absoluteURI | abs_path | authority But in both fixes for CVE-2011-3368 and CVE-2011-4317 there was no code allowing absoluteURI which is used in case of poxing. Please see attached diff file which in my case solved this issue (probably the same fix should go also into mod_proxy.c). Any comments? -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
