https://issues.apache.org/bugzilla/show_bug.cgi?id=52774
--- Comment #15 from Petr Sumbera <[email protected]> --- (In reply to comment #14) > I have added a new RewriteOption, "AllowAnyURI", in r1356115 which IMO > resolves this issue. Other opinions are available! :) Doesn't mean "AllowAnyURI" option actually "allow CVE-2011-3368/CVE-2011-4317"? And is following statement correct? "Declining, request-URI 'http://blahblah' is not a URL-path" I believe http://blahblah is valid URL path. And what is problem with the patch I proposed? Is it vulnerable for CVE-2011-3368/CVE-2011-4317? I hope not. I think I just don't understand it.. :-) -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
