[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#316173: apache2: Security issues in HTTP proxy responses with both Transfer-Encoding and Content-Length headers

On Wed, Jun 29, 2005 at 12:49:31AM +0200, Moritz Muehlenhoff wrote:
> Package: apache2
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> Latest 2.1.6-alpha fixes a security in the proxy HTTP code:
> 
> | The 2.1.6-alpha release addresses a security vulnerability present
> | in all previous 2.x versions.  This fault did not affect Apache 1.3.x
> | (which did not proxy keepalives or chunked transfer encoding);
> 
> |    Proxy HTTP: If a response contains both Transfer-Encoding
> |    and a Content-Length, remove the Content-Length to eliminate
> |    an HTTP Request Smuggling vulnerability and don't reuse the
> |    connection, stopping some HTTP Request Spoofing attacks.
> 

  Can I be the first to say that I don't understand the nature of this
 issue?

  Is this also present in 2.0.54 which is the latest stable release?
 There's no mention of it in the changelog there..

Steve
--
Reply to: