/[Apache-SVN]
ViewVC logotype

Revision 1610503

Jump to revision: Previous Next
Author: covener
Date: Mon Jul 14 20:01:30 2014 UTC (9 years, 10 months ago)
Changed paths: 3
Log Message: 
backport r1610501 from trunk:

      *) SECURITY: CVE-2014-0118 (cve.mitre.org)
         mod_deflate: The DEFLATE input filter (inflates request bodies) now
         limits the length and compression ratio of inflated request bodies to avoid
         denial of sevice via highly compressed bodies.  See directives
         DeflateInflateLimitRequestBody, DeflateInflateRatioLimit,
         and DeflateInflateRatioBurst.

    Thanks to Giancarlo Pellegrino and Davide Balzarotti for reporting the issue.

Submitted By: ylavic, covener
Reviewed By: jorton, covener, jim

Changed paths

Path Details
Directoryhttpd/httpd/branches/2.4.x/CHANGES modified , text changed
Directoryhttpd/httpd/branches/2.4.x/docs/manual/mod/mod_deflate.xml modified , text changed
Directoryhttpd/httpd/branches/2.4.x/modules/filters/mod_deflate.c modified , text changed
infrastructure at apache.org
 ViewVC Help
Powered by ViewVC 1.1.26