https://issues.apache.org/bugzilla/show_bug.cgi?id=51878

             Bug #: 51878
           Summary: 2.2.21 is not compliant for byterange 0- returning 200
                    instead of 206
           Product: Apache httpd-2
           Version: 2.2.21
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: All
        AssignedTo: [email protected]
        ReportedBy: [email protected]
    Classification: Unclassified


2.2.21 is not compliant for byterange 0- returning 200 instead of 206.

This breaks our software.
We see the 200 response as a failure to understand the byterange request.

http://httpd.apache.org/security/CVE-2011-3192.txt
The fixes for CVE-2011-3192 in 2.2.20 and 2.2.21 are causing
servers to return 200 instead of 206 for this case.
(see the CAVEATS section of CVE-2011-3192).

RFC
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html

Section 14.35.1 Byte Ranges says that, if the requested range is satisfiable,
and 0- certainly is, then "the server SHOULD return a response with a status of
206 (Partial Content) containing the satisfiable ranges of the entity-body."

People everywhere should not have to dink around with their client software.
You should follow the standard.  It should be easy for you to fix this.

-Thank you!
Galt Barber
UCSC Genome Browser
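
The two replies this report contrasts for a single byte-range request, as an added Python example that is not part of the original report or of Apache httpd: a 206 is checked against its Content-Range header, and a 200 is treated as the full entity and sliced locally. The function names and the sample entity are hypothetical, and only the single-range forms `bytes=first-` and `bytes=first-last` are handled.

```python
import re

# Single-range form only: "bytes=first-" or "bytes=first-last".
RANGE_RE = re.compile(r"bytes=(\d+)-(\d*)")
CONTENT_RANGE_RE = re.compile(r"bytes (\d+)-(\d+)/(\d+|\*)")


def parse_range(value):
    """Return (first, last) from a Range header; last is None for an open range."""
    m = RANGE_RE.fullmatch(value.strip())
    if not m:
        raise ValueError("unsupported Range header: %r" % value)
    first = int(m.group(1))
    last = int(m.group(2)) if m.group(2) else None
    if last is not None and last < first:
        raise ValueError("last byte position precedes first")
    return first, last


def requested_bytes(status, headers, body, range_header):
    """Return the requested bytes from a 206 (partial) or 200 (full entity) reply."""
    first, last = parse_range(range_header)
    hdrs = {k.lower(): v for k, v in headers.items()}
    if status == 206:
        m = CONTENT_RANGE_RE.fullmatch(hdrs.get("content-range", "").strip())
        if not m:
            raise ValueError("206 without a usable Content-Range")
        got_first, got_last = int(m.group(1)), int(m.group(2))
        if got_first != first or (last is not None and got_last > last):
            raise ValueError("Content-Range does not match the request")
        if len(body) != got_last - got_first + 1:
            raise ValueError("body length disagrees with Content-Range")
        return body
    if status == 200:
        # Range was not applied: body is the whole entity, so slice locally.
        if first >= len(body):
            raise ValueError("requested range starts past end of entity")
        end = len(body) if last is None else min(last + 1, len(body))
        return body[first:end]
    raise ValueError("unexpected status %d" % status)


# Constructed 10-byte entity standing in for a served file.
ENTITY = b"ACGTACGTAC"
```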
