You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2012/08/16 07:41:34 UTC
[Bug 53727] New: mod_proxy_ajp + mod_deflate = mixed up response,
after accessed by browser that doesn't support gzip
https://issues.apache.org/bugzilla/show_bug.cgi?id=53727
Priority: P2
Bug ID: 53727
Assignee: bugs@httpd.apache.org
Summary: mod_proxy_ajp + mod_deflate = mixed up response, after
accessed by browser that doesn't support gzip
Severity: critical
Classification: Unclassified
OS: Linux
Reporter: sokann@gmail.com
Hardware: PC
Status: NEW
Version: 2.4.2
Component: mod_proxy_ajp
Product: Apache httpd-2
1. Create a simple web app and serve it with ajp
2. In the web app, create a normal page (with .js, .css, and images), then
craft a slow page that only returns a response after 1 second
3. Setup a reversed proxy to the web app with mod_proxy_ajp (a plain ProxyPass
line)
4. Enable mod_deflate for the usual content types
5. Open Firefox, go to about:config, and set network.http.accept-encoding from
"gzip, deflate" to an empty string
6. Restart Firefox, clear cache
7. With Firefox, access the normal page and let it load to completion, then
access the slow page and press "Ctrl-W" to close the tab before the response is
returned
8. Open Chrome, clear cache
9. With Chrome, access the normal page and see things go haywire, e.g. a
request for a .js file will receive a response of image/png
The symptom of mixed up response is similar to bug 40310 and bug 47714. In
production system, other than broken functionality caused by .js file returned
as image, our users were able to see responses intended for others.
Once things go haywire, a graceful reload of Apache will get things to work
again (leaving browser and proxy caching aside), until the next non-gzip client
abandons a page load.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 53727] mod_proxy_ajp: mixed up response after client connection
abort
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=53727
Rainer Jung <ra...@kippdata.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|mod_proxy_ajp + mod_deflate |mod_proxy_ajp: mixed up
|= mixed up response, after |response after client
|accessed by browser that |connection abort
|doesn't support gzip |
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 53727] mod_proxy_ajp + mod_deflate = mixed up response, after
accessed by browser that doesn't support gzip
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=53727
Rainer Jung <ra...@kippdata.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #3 from Rainer Jung <ra...@kippdata.de> ---
This was assigned CVE-2012-3507.
It has been fixed in r1373955 for trunk and r1374297 for 2.4.x and was released
today with version 2.4.3.
Not 2.2 version is affected.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 53727] mod_proxy_ajp + mod_deflate = mixed up response, after
accessed by browser that doesn't support gzip
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=53727
Rainer Jung <ra...@kippdata.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |FixedInTrunk
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 53727] mod_proxy_ajp + mod_deflate = mixed up response, after
accessed by browser that doesn't support gzip
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=53727
--- Comment #4 from Rainer Jung <ra...@kippdata.de> ---
Oups, I meant CVE-2012-3502.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 53727] mod_proxy_ajp + mod_deflate = mixed up response, after
accessed by browser that doesn't support gzip
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=53727
--- Comment #2 from Rainer Jung <ra...@kippdata.de> ---
(In reply to comment #1)
> Actually, step 4 and 5 are just red herring. I can reproduce the bug without
> enabling mod_deflate and with a normal Firefox.
Which version of Tomcat did you use?
Any changes to the default configuration of the Tomcat AJP connector or (apart
from the mentioned one ProxyPass line) to mod_proxy configuration?
Could you please provide your Tomcat server.xml?
Can you reproduce with the Tomcat standard ROOT context plus a slow.jsp with
the following contents?
<%Thread.sleep(4000);%>
Done.
Regards,
Rainer
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 53727] mod_proxy_ajp + mod_deflate = mixed up response, after
accessed by browser that doesn't support gzip
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=53727
--- Comment #1 from Yap Sok Ann <so...@gmail.com> ---
Actually, step 4 and 5 are just red herring. I can reproduce the bug without
enabling mod_deflate and with a normal Firefox.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org