| Log Message: |
Fix for additional cases of URL rewriting with ProxyPassMatch or
RewriteRule, where particular request-URIs could result in undesired
backend network exposure in some configurations. (CVE-2011-4317)
Thanks to Prutha Parikh from Qualys for reporting this issue.
* modules/proxy/mod_proxy.c (proxy_trans): Decline to handle the "*"
request-URI. Fail for cases where r->uri does not begin with a "/".
* modules/mappers/mod_rewrite.c (hook_uri2file): Likewise.
|
httpd/httpd/trunk/modules/mappers/mod_rewrite.c