Bug#316173: apache2: Security issues in HTTP proxy responses with both Transfer-Encoding and Content-Length headers
Package: apache2
Severity: grave
Tags: security
Justification: user security hole
Latest 2.1.6-alpha fixes a security in the proxy HTTP code:
| The 2.1.6-alpha release addresses a security vulnerability present
| in all previous 2.x versions. This fault did not affect Apache 1.3.x
| (which did not proxy keepalives or chunked transfer encoding);
| Proxy HTTP: If a response contains both Transfer-Encoding
| and a Content-Length, remove the Content-Length to eliminate
| an HTTP Request Smuggling vulnerability and don't reuse the
| connection, stopping some HTTP Request Spoofing attacks.
Cheers,
Moritz
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-rc5
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Reply to: