
Revision 1796856


Author: jim
Date: Tue May 30 12:28:20 2017 UTC (6 years, 1 month ago)
Changed paths: 3
Log Message:
SECURITY: CVE-2017-7668 (cve.mitre.org)
The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a
bug in token list parsing, which allows ap_find_token() to search past
the end of its input string. By maliciously crafting a sequence of
request headers, an attacker may be able to cause a segmentation fault,
or to force ap_find_token() to return an incorrect value.

Merge r1796350 from trunk:
short-circuit on NULL

Submitted by: jchampion, covener
Reviewed by: covener, ylavic, jim


Changed paths:

httpd/httpd/branches/2.4.x/ (modified, props changed)
httpd/httpd/branches/2.4.x/STATUS (modified, text changed)
httpd/httpd/branches/2.4.x/server/util.c (modified, text changed)
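
The class of bug the log message describes, as an added illustration in C (not httpd's code and not part of this commit). `find_token_model`, `is_stop` and the sample buffer are hypothetical, and the stop-character class containing NUL is an assumption of this model. It shows a token-list scan leaving its input string and returning an incorrect match, and the NUL short-circuit that prevents it.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* Constructed sample: the list the caller means to pass is "alpha," (it ends
 * at the first NUL); "beta" is unrelated data that happens to follow it. */
static const char SAMPLE[] = "alpha,\0beta";

/* Assumed character class: NUL counts as a token stop, like the separators. */
static int is_stop(unsigned char c)
{
    return c == '\0' || c == ',' || c == ';' || c == ' ' || c == '\t';
}

/* Returns 1 if tok is a whole token in the list `line`, else 0.
 * guard_nul = 0 models the flawed skip loop, 1 the NUL short-circuit. */
static int find_token_model(const char *line, const char *tok, int guard_nul)
{
    const unsigned char *s = (const unsigned char *)line, *start;
    size_t tlen;

    if (!line || !tok)
        return 0;
    tlen = strlen(tok);
    for (;;) {
        /* Skip separators. Unguarded, the NUL is skipped as well, so the
         * scan leaves the string and continues into whatever follows. */
        while ((!guard_nul || *s) && is_stop(*s))
            s++;
        if (!*s)
            return 0;
        start = s;
        while (!is_stop(*s))      /* end of token; stops at NUL too */
            s++;
        if ((size_t)(s - start) == tlen &&
            strncasecmp((const char *)start, tok, tlen) == 0)
            return 1;
        if (!*s)
            return 0;
    }
}

int main(void)
{
    /* 0 = both modes behave as expected on the constructed sample */
    return !(find_token_model(SAMPLE, "beta", 0) == 1 &&
             find_token_model(SAMPLE, "beta", 1) == 0);
}
```

In this model the unguarded scan only leaves the string when the list ends in a separator; a list ending in a token stops at the terminator in both modes.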
