Joe Orton 14fef5ae85 Fix for additional cases of URL rewriting with ProxyPassMatch or ...

RewriteRule, where particular request-URIs could result in undesired
backend network exposure in some configurations. (CVE-2011-4317)

Thanks to Prutha Parikh from Qualys for reporting this issue.

* modules/proxy/mod_proxy.c (proxy_trans): Decline to handle the "*"
  request-URI.  Fail for cases where r->uri does not begin with a "/".

* modules/mappers/mod_rewrite.c (hook_uri2file): Likewise.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1209432 13f79535-47bb-0310-9956-ffa450edef68

2011-12-02 12:04:20 +00:00

92 KiB

Raw Blame History

View Raw