Bug#316173: apache2: Security issues in HTTP proxy responses with both Transfer-Encoding and Content-Length headers

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#316173: apache2: Security issues in HTTP proxy responses with both Transfer-Encoding and Content-Length headers
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Wed, 29 Jun 2005 00:49:31 +0200
Message-id: <[🔎] E1DnOtX-0001i1-IX@localhost.localdomain>
Reply-to: Moritz Muehlenhoff <jmm@inutil.org>, 316173@bugs.debian.org

Package: apache2
Severity: grave
Tags: security
Justification: user security hole

Latest 2.1.6-alpha fixes a security in the proxy HTTP code:

| The 2.1.6-alpha release addresses a security vulnerability present
| in all previous 2.x versions.  This fault did not affect Apache 1.3.x
| (which did not proxy keepalives or chunked transfer encoding);

|    Proxy HTTP: If a response contains both Transfer-Encoding
|    and a Content-Length, remove the Content-Length to eliminate
|    an HTTP Request Smuggling vulnerability and don't reuse the
|    connection, stopping some HTTP Request Spoofing attacks.

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-rc5
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)

Reply to:

Follow-Ups:
- Bug#316173: apache2: Security issues in HTTP proxy responses with both Transfer-Encoding and Content-Length headers
  - From: Steve Kemp <skx@debian.org>

Prev by Date: Get latest version, cds and download under $99
Next by Date: Bug#316173: apache2: Security issues in HTTP proxy responses with both Transfer-Encoding and Content-Length headers
Previous by thread: (fwd) Debian-Projekt auf der ApacheCon? [lars@apache.org]
Next by thread: Bug#316173: apache2: Security issues in HTTP proxy responses with both Transfer-Encoding and Content-Length headers
Index(es):
- Date
- Thread