/[Apache-SVN]
ViewVC logotype

Revision 1796855

Jump to revision: Previous Next
Author: jim
Date: Tue May 30 12:27:41 2017 UTC (6 years, 1 month ago)
Changed paths: 9
Log Message: 
SECURITY: CVE-2017-3167 (cve.mitre.org)
Use of the ap_get_basic_auth_pw() by third-party modules outside of the
authentication phase may lead to authentication requirements being
bypassed.

Merge r1796348 from trunk:

core: Deprecate ap_get_basic_auth_pw() and add ap_get_basic_auth_components(). 

Submitted By: Emmanuel Dreyfus <manu netbsd.org>, jchampion, coverner
Reviewed by: covener, ylavic, jim

Changed paths

Path Details
Directoryhttpd/httpd/branches/2.4.x/ modified , props changed
Directoryhttpd/httpd/branches/2.4.x/CHANGES modified , text changed
Directoryhttpd/httpd/branches/2.4.x/STATUS modified , text changed
Directoryhttpd/httpd/branches/2.4.x/docs/manual/ modified , props changed
Directoryhttpd/httpd/branches/2.4.x/include/ap_mmn.h modified , text changed
Directoryhttpd/httpd/branches/2.4.x/include/http_protocol.h modified , text changed
Directoryhttpd/httpd/branches/2.4.x/modules/http2/ modified , props changed
Directoryhttpd/httpd/branches/2.4.x/server/protocol.c modified , text changed
Directoryhttpd/httpd/branches/2.4.x/server/request.c modified , text changed
infrastructure at apache.org
 ViewVC Help
Powered by ViewVC 1.1.26