Bug #2146

fix mod_proxy_backend_http vulnerability

Added by liming over 9 years ago. Updated about 3 years ago.

Status: Obsolete
Priority: Normal
Assignee: -
Category: mod_proxy_backend_http
Target version:
Start date: 2010-01-06
Due date:
% Done: 0%
Estimated time:
Missing in 1.5.x: Yes

Description

If the http-backend sends back an invalid response, like:

HTTP/1.1 200 OK
...
Transfer-Encoding: chunked
...

\0\r\n
1111111111111111......

Of course, the chunk-length "\0" is not valid. However, lighttpd gets trapped in an endless loop at the moment. It cannot serve any more, and its CPU usage goes up to 100%.

In this case, mod_proxy_backend_http should just stop, and return HANDLER_FINISHED.

History

#1

Updated by gstrauss about 3 years ago

  • Missing in 1.5.x changed from No to Yes
#2

Updated by gstrauss about 3 years ago

  • Status changed from Patch Pending to Obsolete
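
Added example, not part of the original report and not lighttpd's own code: a chunk-size line parser in C that rejects input such as the "\0" chunk length described above and never reports success without consuming bytes, so a read loop built on it cannot spin. The names parse_chunk_size and chunk_status and the two limits are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical names for this example; not lighttpd's own API. */
enum chunk_status { CHUNK_OK, CHUNK_NEED_MORE, CHUNK_INVALID };
#define MAX_HEX_DIGITS 8    /* assumed cap: size fits in 32 bits */
#define MAX_LINE 256        /* assumed cap on the chunk-size line */

static int hex_val(unsigned char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Parse "<hex>[;ext]\r\n" at buf[0..len). CHUNK_OK sets *size and a
 * non-zero *consumed; on any other status the caller must leave its
 * read loop (wait for more backend data, or abort the response). */
enum chunk_status parse_chunk_size(const unsigned char *buf, size_t len,
                                   uint32_t *size, size_t *consumed) {
    size_t i = 0;
    uint32_t val = 0;
    while (i < len && hex_val(buf[i]) >= 0) {
        if (i >= MAX_HEX_DIGITS) return CHUNK_INVALID;   /* overlong size */
        val = (val << 4) | (uint32_t)hex_val(buf[i++]);
    }
    if (i == len) return CHUNK_NEED_MORE;   /* line not terminated yet */
    if (i == 0) return CHUNK_INVALID;       /* e.g. NUL instead of a hex digit */
    if (buf[i] == ';') {                    /* skip chunk extension up to CR */
        while (i < len && buf[i] != '\r') {
            if (buf[i] < 0x20 && buf[i] != '\t') return CHUNK_INVALID;
            if (++i > MAX_LINE) return CHUNK_INVALID;
        }
        if (i == len) return CHUNK_NEED_MORE;
    }
    if (buf[i] != '\r') return CHUNK_INVALID;
    if (i + 1 == len) return CHUNK_NEED_MORE;
    if (buf[i + 1] != '\n') return CHUNK_INVALID;
    *size = val;
    *consumed = i + 2;
    return CHUNK_OK;
}

int main(void) {
    /* Constructed input: the body from the report, NUL as chunk length. */
    static const unsigned char bad[] = "\0\r\n1111111111111111";
    uint32_t size; size_t used;
    return parse_chunk_size(bad, sizeof bad - 1, &size, &used) == CHUNK_INVALID ? 0 : 1;
}
```

A caller that receives CHUNK_INVALID can end the backend response at that point, which is the behaviour the report asks for.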
