Sophie

Sophie

distrib > Mandriva > 2009.0 > i586 > by-pkgid > caf339018a6654e52c7cc23d1db11db5 > files > 54

apache-2.2.9-12.9mdv2009.0.src.rpm


 http://svn.apache.org/viewvc?view=revision&revision=917876

 SECURITY: CVE-2010-0408 (cve.mitre.org)
 
 mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent after
 request headers indicate a request body is incoming; this is not a case of
 HTTP_INTERNAL_SERVER_ERROR.
 
 Submitted by: Niku Toivola <niku.toivola sulake.com>
 Reviewed by: rpluem, jim, wrowe
 Backports: r917875

--- modules/proxy/mod_proxy_ajp.c	2008-06-05 08:46:43.000000000 -0400
+++ modules/proxy/mod_proxy_ajp.c.oden	2010-03-02 09:50:52.000000000 -0500
@@ -231,7 +231,7 @@ static int ap_proxy_ajp_request(apr_pool
             ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
                          "proxy: ap_get_brigade failed");
             apr_brigade_destroy(input_brigade);
-            return HTTP_INTERNAL_SERVER_ERROR;
+            return HTTP_BAD_REQUEST;
         }
 
         /* have something */

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional