You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2012/03/21 12:39:21 UTC
DO NOT REPLY [Bug 51878] 2.2.21 is not compliant for byterange 0-
returning 200 instead of 206
https://issues.apache.org/bugzilla/show_bug.cgi?id=51878
matty <ma...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|FIXED |
--- Comment #10 from matty <ma...@gmail.com> 2012-03-21 11:39:21 UTC ---
When "killapache.pl" script is executed against Opensource Apache 2.2.22
Windows binary, it shows "host seems vuln" message. This behaviour was not
observed in Apache 2.2.21 version. Whether this means CVE-2011-3192
vulnerability is re-introduced in Opensource Apache 2.2.22 version while fixing
the below byterange regression?
*) Fix a regression introduced by the CVE-2011-3192 byterange fix in 2.2.20:
A range of '0-' will now return 206 instead of 200. PR 51878.
[Jim Jagielski]
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org