On Wednesday 08 December 2010, Malte S. Stretz wrote:
Hmm, no reply yet, are there any objections/comments/questions
about the patches? If not, anybody with enough karma to
commit? Just asking :)
I have commited the variant without separate config directive as
r1053357, r1053363, r1053365.
On Tuesday 28 December 2010 15:56:15 Stefan Fritsch wrote:
On Wednesday 08 December 2010, Malte S. Stretz wrote:
Hmm, no reply yet, are there any objections/comments/questions
about the patches? If not, anybody with enough karma to
commit? Just asking :)
I have commited the variant
On Monday 22 November 2010 23:25:06 I wrote:
On Monday 18 October 2010 12:28:12 Malte S. Stretz wrote:
On Tuesday 12 October 2010 19:49:02 Malte S. Stretz wrote:
On Tuesday 12 October 2010 18:13:46 William A. Rowe Jr. wrote:
On 10/12/2010 10:06 AM, Dirk-Willem van Gulik wrote:
On 12
On Monday 18 October 2010 12:28:12 Malte S. Stretz wrote:
On Tuesday 12 October 2010 19:49:02 Malte S. Stretz wrote:
On Tuesday 12 October 2010 18:13:46 William A. Rowe Jr. wrote:
On 10/12/2010 10:06 AM, Dirk-Willem van Gulik wrote:
On 12 Oct 2010, at 15:30, Malte S. Stretz wrote:
I
On Tuesday 12 October 2010 19:49:02 Malte S. Stretz wrote:
On Tuesday 12 October 2010 18:13:46 William A. Rowe Jr. wrote:
On 10/12/2010 10:06 AM, Dirk-Willem van Gulik wrote:
On 12 Oct 2010, at 15:30, Malte S. Stretz wrote:
I had a quick look at the Apache source and the solution was
Hi folks,
a few days ago on a bored afternoon thumbed through the Unusual Web Bugs
presentation [1] from 24C3. On slide 19/20 the author shows a way to
inject otherwise filtered headers from Flash into CGI scripts. This is
caused by sloppy filtering on the client side and the simple
On 12 Oct 2010, at 15:30, Malte S. Stretz wrote:
I had a quick look at the Apache source and the solution was simple: Just
drop headers which contain any character outside the range [a-zA-Z0-9-].
The patch against trunk is attached.
This made me think of something we had a while ago; and
On 10/12/2010 10:06 AM, Dirk-Willem van Gulik wrote:
On 12 Oct 2010, at 15:30, Malte S. Stretz wrote:
I had a quick look at the Apache source and the solution was simple: Just
drop headers which contain any character outside the range [a-zA-Z0-9-].
The patch against trunk is attached.
On Tuesday 12 October 2010 18:13:46 William A. Rowe Jr. wrote:
On 10/12/2010 10:06 AM, Dirk-Willem van Gulik wrote:
On 12 Oct 2010, at 15:30, Malte S. Stretz wrote:
I had a quick look at the Apache source and the solution was simple:
Just drop headers which contain any character outside
