[email protected] writes: > Author: jorton > Date: Thu Jul 2 13:42:12 2009 > New Revision: 790589 > > URL: http://svn.apache.org/viewvc?rev=790589&view=rev > Log: > - add test case for CVE-2009-1890 > > Added: > httpd/test/framework/trunk/t/security/CVE-2009-1890.t (with props)
I've been looking at this test and I could use some help understanding it. The test doesn't seem to do what the vulnerability description talks about. The vulnerability talks about sending additional data after sending Content-length bytes of request body, where this test sends a request body of the right length, just in two parts with a pause in between. -- Dan Poirier <[email protected]>
