Checkout
Joe Orton
committed
on 07 Oct 11
Merge r1179239 from trunk:

SECURITY (CVE-2011-3368): Prevent unintended pattern expansion in some
reverse proxy configurations by strictly … Show more
Merge r1179239 from trunk:

SECURITY (CVE-2011-3368): Prevent unintended pattern expansion in some

reverse proxy configurations by strictly validating the request-URI:

* server/protocol.c (read_request_line): Send a 400 response if the

 request-URI does not match the grammar from RFC 2616.  This ensures

 the input string for RewriteRule et al really is an absolute path.

Reviewed by: jim, rjung, jorton

Show less