Posted to bugs@httpd.apache.org by bu...@apache.org on 2013/01/14 13:11:01 UTC

[Bug 54416] New: Missing support for MKCALENDAR method

https://issues.apache.org/bugzilla/show_bug.cgi?id=54416

            Bug ID: 54416
           Summary: Missing support for MKCALENDAR method
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: PC
                OS: Mac OS X 10.4
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_proxy_ajp
          Assignee: bugs@httpd.apache.org
          Reporter: thorben.betten@open-xchange.com
    Classification: Unclassified

The denoted HTTP method MKCALENDAR is not supported due to CVE-2011-3348
(http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3348).

Unfortunately, that method is badly needed to support up-to-date CalDAV
clients.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


[Bug 54416] Missing support for MKCALENDAR method

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=54416

Stefan Fritsch <sf...@sfritsch.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #11 from Stefan Fritsch <sf...@sfritsch.de> ---
fixed in 2.4.4 and 2.2.24



[Bug 54416] Missing support for MKCALENDAR method

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=54416

Marc Arens <ma...@open-xchange.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |marc.arens@open-xchange.com



[Bug 54416] Missing support for MKCALENDAR method

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=54416

--- Comment #4 from Eric Covener <co...@gmail.com> ---
Sorry, subject is already appropriate!



[Bug 54416] Missing support for MKCALENDAR method

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=54416

--- Comment #1 from Eric Covener <co...@gmail.com> ---
Can you elaborate on what that CVE has to do with the MKCALENDAR method and
attach a log of mod_proxy_ajp doing something wrong?



[Bug 54416] Missing support for MKCALENDAR method

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=54416

Rainer Jung <ra...@kippdata.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |FixedInTrunk,
                   |                            |PatchAvailable
             Status|NEEDINFO                    |NEW
           Hardware|PC                          |All
            Version|2.2.16                      |2.4.3
                 OS|Mac OS X 10.4               |All

--- Comment #8 from Rainer Jung <ra...@kippdata.de> ---
Thanks for confirming the patch.
Fixed in trunk with r1435178.
Backport to 2.4.x proposed.
When backport happens, I will also propose for 2.2.



[Bug 54416] Missing support for MKCALENDAR method

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=54416

--- Comment #6 from Marc Arens <ma...@open-xchange.com> ---
Thanks, I'll have a look at the patch.



[Bug 54416] Missing support for MKCALENDAR method

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=54416

Marc Arens <ma...@open-xchange.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |NEW

--- Comment #2 from Marc Arens <ma...@open-xchange.com> ---
AFAIU the result of the CVE is to return HTTP_NOT_IMPLEMENTED instead of
HTTP_BAD_REQUEST which marked the active node as "in error" state to
prevent the DOS.

The main problem seems to be that mod_proxy_ajp responds with "No such method
MKCALENDAR" to MKCALENDAR request.

[Fri Dec 14 12:24:49 2012] [debug] mod_proxy_ajp.c(45): proxy: AJP:
canonicalising URL
//localhost:8009/servlet/dav/caldav/B731244A-5D06-4941-83F1-880A1EAE6343/
[Fri Dec 14 12:24:49 2012] [debug] proxy_util.c(1525): [client 192.168.32.238]
proxy: *: found reverse proxy worker for
ajp://localhost:8009/servlet/dav/caldav/B731244A-5D06-4941-83F1-880A1EAE6343/
[Fri Dec 14 12:24:49 2012] [debug] mod_proxy.c(1020): Running scheme ajp
handler (attempt 0)
[Fri Dec 14 12:24:49 2012] [debug] mod_proxy_ajp.c(681): proxy: AJP: serving
URL
ajp://localhost:8009/servlet/dav/caldav/B731244A-5D06-4941-83F1-880A1EAE6343/
[Fri Dec 14 12:24:49 2012] [debug] proxy_util.c(2011): proxy: AJP: has acquired
connection for (*)
[Fri Dec 14 12:24:49 2012] [debug] proxy_util.c(2067): proxy: connecting
ajp://localhost:8009/servlet/dav/caldav/B731244A-5D06-4941-83F1-880A1EAE6343/
to localhost:8009
[Fri Dec 14 12:24:49 2012] [debug] proxy_util.c(2193): proxy: connected
/servlet/dav/caldav/B731244A-5D06-4941-83F1-880A1EAE6343/ to localhost:8009
[Fri Dec 14 12:24:49 2012] [debug] proxy_util.c(2444): proxy: AJP: fam 2 socket
created to connect to *
[Fri Dec 14 12:24:49 2012] [debug] ajp_header.c(224): Into
ajp_marshal_into_msgb
[Fri Dec 14 12:24:49 2012] [error] ajp_marshal_into_msgb - No such method
MKCALENDAR
[Fri Dec 14 12:24:49 2012] [error] ajp_send_header: ajp_marshal_into_msgb
failed
[Fri Dec 14 12:24:49 2012] [error] (120010)APR does not understand this error
code: proxy: AJP: request failed to (null) (*)
[Fri Dec 14 12:24:49 2012] [debug] proxy_util.c(2029): proxy: AJP: has released
connection for (*)


Using Apache 2.2.16-6+squeeze10 in a setup with proxy_balancer and proxy_ajp
here.
Switching to proxy_http as a workaround lets Apache accept MKCALENDAR requests.

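An added example, not part of the original thread or of httpd: a Python scan of an httpd 2.2 error log for the "ajp_marshal_into_msgb - No such method" failure quoted in Comment #2, pairing each rejected method with the backend URL logged just before it. The sample log is constructed (the example-calendar and other paths are placeholders), and the pairing assumes the lines of one request are adjacent in the log.

```python
import re

# Constructed sample in the httpd 2.2 error-log format quoted in Comment #2,
# hard-wrapped the way the mail archive wraps it.
SAMPLE_LOG = """\
[Fri Dec 14 12:24:49 2012] [debug] mod_proxy_ajp.c(681): proxy: AJP: serving
URL
ajp://localhost:8009/servlet/dav/caldav/example-calendar/
[Fri Dec 14 12:24:49 2012] [error] ajp_marshal_into_msgb - No such method
MKCALENDAR
[Fri Dec 14 12:24:49 2012] [error] ajp_send_header: ajp_marshal_into_msgb
failed
[Fri Dec 14 12:25:02 2012] [debug] mod_proxy_ajp.c(681): proxy: AJP: serving
URL ajp://localhost:8009/servlet/dav/caldav/other/
[Fri Dec 14 12:25:02 2012] [error] ajp_marshal_into_msgb - No such method
MKCALENDAR
"""

ENTRY = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] (?P<msg>.*)$")
SERVING = re.compile(r"proxy: AJP: serving URL (?P<url>ajp://\S+)")
REJECTED = re.compile(r"ajp_marshal_into_msgb - No such method (?P<method>\S+)")

def unwrap(text):
    """Rejoin wrapped records: a new record starts with '[timestamp]'."""
    records = []
    for line in text.splitlines():
        if line.startswith("[") or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def rejected_methods(text):
    """Return (timestamp, method, backend_url) for each rejected request."""
    # Heuristic: the URL is taken from the nearest preceding 'serving URL' record.
    findings, last_url = [], None
    for record in unwrap(text):
        m = ENTRY.match(record)
        if not m:
            continue
        msg = m.group("msg")
        if (s := SERVING.search(msg)):
            last_url = s.group("url")
        elif (r := REJECTED.search(msg)):
            findings.append((m.group("ts"), r.group("method"), last_url))
            last_url = None
    return findings
```

On a busy server several children write to the same error log, so a finding whose URL is None or looks unrelated should be checked against the access log for the same second.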


[Bug 54416] Missing support for MKCALENDAR method

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=54416

--- Comment #9 from Rainer Jung <ra...@kippdata.de> ---
Applied to 2.4.x in r1436400. Will be part of 2.4.4.
Proposed for backport to 2.2.x.



[Bug 54416] Missing support for MKCALENDAR method

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=54416

Markus Wagner <ma...@open-xchange.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |markus.wagner@open-xchange.com



[Bug 54416] Missing support for MKCALENDAR method

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=54416

Rainer Jung <ra...@kippdata.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO

--- Comment #5 from Rainer Jung <ra...@kippdata.de> ---
Can you try the patch available at:

http://people.apache.org/~rjung/patches/httpd-2_2_x-ajp-unknown_-methods.patch

and report back? It is a straightforward port from mod_jk.

If it still doesn't work: what's the backend and which version?



[Bug 54416] Missing support for MKCALENDAR method

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=54416

--- Comment #10 from Rainer Jung <ra...@kippdata.de> ---
Backported to 2.2.x today.
Should be part of 2.2.24.



[Bug 54416] Missing support for MKCALENDAR method

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=54416

--- Comment #3 from Eric Covener <co...@gmail.com> ---
It looks to me like mod_proxy_ajp simply cannot forward methods it doesn't
know, and it didn't know about this method before the CVE fix either.  If you
agree, please change the subject of the bug to "add MKCALENDAR method to
mod_proxy_ajp"



[Bug 54416] Missing support for MKCALENDAR method

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=54416

Eric Covener <co...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO



[Bug 54416] Missing support for MKCALENDAR method

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=54416

Marc Arens <ma...@open-xchange.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Version|2.5-HEAD                    |2.2.16

--- Comment #7 from Marc Arens <ma...@open-xchange.com> ---
We just tested the patch successfully. MKCALENDAR is working now via
mod_proxy_ajp. Additionally we ran our test suite of dav tests against the
patched module and couldn't find any regressions either.

Thank you very much for the quick response.
