Bug#316173: apache2: Security issues in HTTP proxy responses with both Transfer-Encoding and Content-Length headers
On Wed, Jun 29, 2005 at 12:49:31AM +0200, Moritz Muehlenhoff wrote:
> Package: apache2
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Latest 2.1.6-alpha fixes a security in the proxy HTTP code:
>
> | The 2.1.6-alpha release addresses a security vulnerability present
> | in all previous 2.x versions. This fault did not affect Apache 1.3.x
> | (which did not proxy keepalives or chunked transfer encoding);
>
> | Proxy HTTP: If a response contains both Transfer-Encoding
> | and a Content-Length, remove the Content-Length to eliminate
> | an HTTP Request Smuggling vulnerability and don't reuse the
> | connection, stopping some HTTP Request Spoofing attacks.
>
Can I be the first to say that I don't understand the nature of this
issue?
Is this also present in 2.0.54 which is the latest stable release?
There's no mention of it in the changelog there..
Steve
--
Reply to: