Actions
Bug #2146
closedfix mod_proxy_backend_http vulnerability
ASK QUESTIONS IN Forums:
Description
If the http-backend sends back an invalid response, like:
HTTP/1.1 200 OK
...
Transfer-Encoding: chunked
...
\0\r\n
1111111111111111......
Of course, the chunk-length "\0" is not valid. However, lighttpd trapped into an endless loop at the monent. It cannot serve any more, and its cpu usage is up to 100%.
In this case, mod_proxy_backend_http should just stop, and return HANDLER_FINISHED.
Files
Updated by gstrauss about 8 years ago
- Status changed from Patch Pending to Obsolete
Actions
Also available in: Atom