Re: CVE-2007-6203

2007-12-17 Thread William A. Rowe, Jr.
Stefan Fritsch wrote: I agree. It might be exploitable with buggy browser plugins using HTTP request splitting. See e.g. http://www.adobe.com/support/security/advisories/apsa06-01.html Request splitting was previously addressed in httpd.

Re: CVE-2007-6203

2007-12-17 Thread Stefan Fritsch
On Monday 17 December 2007, William A. Rowe, Jr. wrote:
> >> This is CVE-2007-6203. Maybe you should add the reference to the
> >> CHANGES file?
> >
> > I don't think that's a good idea since we don't want to mislead
> > users into thinking a

Re: CVE-2007-6203

2007-12-17 Thread William A. Rowe, Jr.
Joe Orton wrote: On Sun, Dec 16, 2007 at 08:37:08PM +0100, Stefan Fritsch wrote: *) http_protocol: Escape request method in 413 error reporting. Determined to be not generally exploitable, but a flaw in any case. PR 44014 [Victor Stinner] This is CVE-2007-6203. Maybe you should add

Re: CVE-2007-6203

2007-12-17 Thread Joe Orton
On Sun, Dec 16, 2007 at 08:37:08PM +0100, Stefan Fritsch wrote:
> *) http_protocol: Escape request method in 413 error reporting.
> Determined to be not generally exploitable, but a flaw in any case.
> PR 44014 [Victor Stinner]
>
> This is CVE-2007-6203. Maybe you

CVE-2007-6203

2007-12-16 Thread Stefan Fritsch
*) http_protocol: Escape request method in 413 error reporting.
Determined to be not generally exploitable, but a flaw in any case.
PR 44014 [Victor Stinner]

This is CVE-2007-6203. Maybe you should add the reference to the CHANGES file?

Cheers,
Stefan