[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#852623: sitesummary-client fails to submit data

Package: sitesummary
Version: 0.1.27
Severity: important

Starting with apache2 2.4.25-1 sitesummary doesn't work like before.

The test-server-client script output (see debci as well):

Failed to upload, answer 'HTTP/1.1 400 Bad Request
Date: Wed, 25 Jan 2017 17:47:11 GMT
Server: Apache/2.4.25 (Debian)
Content-Length: 301
Connection: close
Content-Type: text/html; charset=iso-8859-1

<title>400 Bad Request</title>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
<address>Apache/2.4.25 (Debian) Server at Port 80</address>
error: unable to submit to 'http://localhost/cgi-bin/sitesummary-collector.cgi'
error: did not find entry
info: terminating script

Downgrading to apache 2.4.23-8 makes sitesummary work ok.

I suspect apache security enhancements to cause the failure.

Apache 2.4.25 changelog states:

  * Security: CVE-2016-8743:
    Enforce HTTP request grammar corresponding to RFC7230 for request lines
    and request headers, to prevent response splitting and cache pollution by
    malicious clients or downstream proxies.
  * The stricter HTTP enforcement may cause compatibility problems with
    non-conforming clients. Fine-tuning is possible with the new
    HttpProtocolOptions directive.


Attachment: signature.asc
Description: PGP signature

Reply to: