Bug #2146

closed

fix mod_proxy_backend_http vulnerability

Added by liming almost 15 years ago. Updated about 8 years ago.

Status:
Obsolete
Priority:
Normal
Category:
mod_proxy_backend_http
Target version:

Description

If the http-backend sends back an invalid response, like:

HTTP/1.1 200 OK
...
Transfer-Encoding: chunked
...

\0\r\n
1111111111111111......

Of course, the chunk-length "\0" is not valid. However, lighttpd is trapped in an endless loop at the moment. It cannot serve any more, and its CPU usage is up to 100%.

In this case, mod_proxy_backend_http should just stop, and return HANDLER_FINISHED.
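A chunked-body decoder that treats the malformed size line in this report as a hard error instead of retrying, as an added example (not lighttpd's code and not a patch from this ticket). The function names, status values and the `MAX_CHUNK` limit are assumptions made for the illustration.

```c
#include <stddef.h>
#include <string.h>

/* Added example: names and limits are assumptions, not lighttpd's API. */
typedef enum { CHUNK_DONE, CHUNK_NEED_MORE, CHUNK_INVALID } chunk_status;
#define MAX_CHUNK ((size_t)1 << 24)  /* assumed per-chunk policy limit */

static int hexval(unsigned char c) {
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;                        /* fold A-F onto a-f */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Parse "<hex>[;ext]\r\n": >0 = bytes consumed, 0 = incomplete, -1 = invalid. */
static long parse_chunk_size(const unsigned char *p, size_t len, size_t *size) {
    size_t i = 0, n = 0;
    int v;
    while (i < len && (v = hexval(p[i])) >= 0) {
        n = (n << 4) | (size_t)v;
        if (n > MAX_CHUNK || ++i > 8) return -1;   /* too large or too many digits */
    }
    if (i == len) return 0;           /* more digits may still arrive */
    if (i == 0) return -1;            /* no hex digit at all, e.g. a NUL byte */
    if (p[i] == ';') while (i < len && p[i] != '\r') i++;   /* skip extension */
    if (i + 1 >= len) return 0;
    if (p[i] != '\r' || p[i + 1] != '\n') return -1;
    *size = n;
    return (long)(i + 2);
}

/* One-shot decode of a buffered body; every pass either returns or advances pos. */
chunk_status dechunk(const unsigned char *in, size_t len,
                     unsigned char *out, size_t cap, size_t *outlen) {
    size_t pos = 0, size = 0;
    *outlen = 0;
    for (;;) {
        long used = parse_chunk_size(in + pos, len - pos, &size);
        if (used < 0) return CHUNK_INVALID;      /* caller stops reading the backend */
        if (used == 0) return CHUNK_NEED_MORE;
        pos += (size_t)used;
        if (size == 0) return CHUNK_DONE;        /* last chunk; trailers ignored */
        if (len - pos < size + 2) return CHUNK_NEED_MORE;
        if (in[pos + size] != '\r' || in[pos + size + 1] != '\n') return CHUNK_INVALID;
        if (size > cap - *outlen) return CHUNK_INVALID;
        memcpy(out + *outlen, in + pos, size);
        *outlen += size;
        pos += size + 2;
    }
}
```

Keeping "incomplete" and "invalid" as separate results is what lets the caller stop on `CHUNK_INVALID` rather than wait for data that can never make the size line parse.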



Actions #1

Updated by gstrauss over 8 years ago

  • Missing in 1.5.x changed from No to Yes
Actions #2

Updated by gstrauss about 8 years ago

  • Status changed from Patch Pending to Obsolete