[Bug 68907] New: replace ap_trust_cgilike_cl with a validating CL filter

bugzilla Tue, 16 Apr 2024 17:20:58 -0700

https://bz.apache.org/bugzilla/show_bug.cgi?id=68907


            Bug ID: 68907
           Summary: replace ap_trust_cgilike_cl with a validating CL
                    filter
           Product: Apache httpd-2
           Version: 2.4.59
          Hardware: PC
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Core
          Assignee: bugs@httpd.apache.org
          Reporter: cove...@gmail.com
  Target Milestone: ---

Instead of the current ban on Content-Length from CGI-like modules, we could
let these headers through and validate the length in some core filter, making
sure a short or long response results in a terminated connection.

This would replace the whitelisting via ap_trust_cgilike_cl

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org

[Bug 68907] New: replace ap_trust_cgilike_cl with a validating CL filter

Reply via email to