On Fri, 21 Jun 2002 [EMAIL PROTECTED] wrote: > Concerning this vulnerability: is safe to assume that a patched > reverse proxy will protect a vulnerable back end server from such > malicious requests?
I think that even unpatched Apache will protect backend - as all modules that have deal with clients body mod_proxy does not support client's chunked request. Of course, unpatched frontend is still vulnerable. Igor Sysoev http://sysoev.ru