[Bug 63688] New: Balancer Manager: problem with CSRF protection

bugzilla Fri, 23 Aug 2019 05:54:03 -0700

https://bz.apache.org/bugzilla/show_bug.cgi?id=63688


            Bug ID: 63688
           Summary: Balancer Manager: problem with CSRF protection
           Product: Apache httpd-2
           Version: 2.4.41
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_proxy_balancer
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

The new CSRF protection of the Balancer Manager breaks editing functionality
for browsers that lowercase hostnames in the Referer: header; e.g. Chrome

The error is based on the usage of strcmp() in the safe_referer() function

https://github.com/apache/httpd/blob/2.4.x/modules/proxy/mod_proxy_balancer.c#L1107

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[Bug 63688] New: Balancer Manager: problem with CSRF protection

Reply via email to