angler-fishThe Vulnerability History Project

*) SECURITY: CVE-2013-5704 (cve.mitre.org)

      core: HTTP trailers could be used to replace HTTP headers
     late during request processing, potentially undoing or
     otherwise confusing modules that examined or modified
     request headers earlier.  Adds "MergeTrailers" directive to restore
     legacy behavior.  

Submitted By: Edward Lu, Yann Ylavic, Joe Orton, Eric Covener
Committed By: covener



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1610814 13f79535-47bb-0310-9956-ffa450edef68
by Ernestine the Ladybird 2014-07-15 19:11:02 UTC
commit 8cc5e00f9ead2e8f915a567aeb756c5cca357188
HTTPD Fix CVE-2013-5704
CHANGES
-7
docs/manual/mod/core.xml
-19
docs/manual/mod/mod_log_config.xml
-8
include/ap_mmn.h
+1 -2
include/http_core.h
-4
include/httpd.h
-5
modules/http/http_filters.c
+5 -50
modules/http/http_request.c
-4
modules/loggers/mod_log_config.c
-14
modules/proxy/mod_proxy_http.c
-18
server/core.c
+1 -16
server/protocol.c
-4
expand_less