You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by "William A. Rowe, Jr." <wr...@rowe-clan.net> on 2005/07/01 06:23:29 UTC

HTTP Spoofing

1.3 proxy doesn't accept T-E:chunked request bodies.

1.3 proxy doesn't perform keep-alives against a backend.

I think we are safe, but additional opinions are welcome.

Bill

At 02:18 PM 6/30/2005, Mark J Cox wrote:
>> I'm obtaining a CVE name for this issue -- (as the issue is already public 
>> it requires co-ordination with Mitre)
>
>CAN-2005-2088
>
>Has anyone looked to make sure this doesn't apply to later 1.3 releases?  
>
>Cheers,
>Mark