Posted to cvs@httpd.apache.org by mj...@apache.org on 2005/09/01 15:33:20 UTC

svn commit: r265719 - /httpd/httpd/branches/2.0.x/CHANGES

Author: mjc
Date: Thu Sep  1 06:33:18 2005
New Revision: 265719

URL: http://svn.apache.org/viewcvs?rev=265719&view=rev
Log:
CAN-2004-1834 was created in March 2004 when it was reported
that mod_disk_cache would store these headers -- leading to a
small potential risk that you'd end up with authentication headers
on disk and visible to users (or CGI scripts or whatever).  Make
a note of which commit actually ended up closing this low-impact issue.

Modified:
    httpd/httpd/branches/2.0.x/CHANGES

Modified: httpd/httpd/branches/2.0.x/CHANGES
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.0.x/CHANGES?rev=265719&r1=265718&r2=265719&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.0.x/CHANGES [utf-8] Thu Sep  1 06:33:18 2005
@@ -225,7 +225,8 @@
      is causing a potential problem with the LDAP shared memory cache.
      PR 31431 [Graham Leggett]
 
-  *) mod_disk_cache: Do not store hop-by-hop headers.  [Justin Erenkrantz]
+  *) SECURITY: CAN-2004-1834 (cve.mitre.org)
+     mod_disk_cache: Do not store hop-by-hop headers.  [Justin Erenkrantz]
 
   *) Fix the re-linking issue when purging elements from the LDAP cache
      PR 24801.  [Jess Holle <jessh ptc.com>]
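
Review bot: The added SECURITY line names CAN-2004-1834, but the entry body still reads only "mod_disk_cache: Do not store hop-by-hop headers", so someone reading CHANGES alone cannot tell what the exposure was. The commit log states it (authentication headers could end up on disk and visible to users or CGI scripts); a short clause to that effect in the entry would make the security relevance clear without following the reference to cve.mitre.org. The log also says the aim is to note which commit closed the issue, yet the entry carries no revision reference, so if that traceability is wanted, add the revision of the original fix next to the attribution.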