Re: [users@httpd] HTTPProtoco Options Apache 2.2

On Tue, Jun 13, 2017 at 11:55 PM, Rashmi Srinivasan wrote: > However making a single change as bellow, got the Unsafe option to work. I think that is wrong for the rest of the merge function. -- Eric Covener cove...@gmail.com

Re: [users@httpd] HTTPProtoco Options Apache 2.2

Thanks Eric, Please ignore my previous message. http://svn.apache.org/viewvc?view=revision=1783440 Porting from above, httpprotocoloptions works as expected. Thanks, Rashmi On Wed, Jun 14, 2017 at 9:25 AM, Rashmi Srinivasan < rashmisrinivasan2...@gmail.com> wrote: > Thanks for your response

Re: [users@httpd] HTTPProtoco Options Apache 2.2

Thanks for your response Eric. Porting the changes from http://svn.apache.org/ viewvc?view=revision=1783440 also didn't help. However making a single change as bellow, got the Unsafe option to work. conf = (core_server_config *)apr_pmemdup(p, virt, sizeof(core_server_config)); to conf =

Re: [users@httpd] HTTPProtoco Options Apache 2.2

http://svn.apache.org/viewvc?view=revision=1783440 On Tue, Jun 13, 2017 at 2:19 PM, Rashmi Srinivasan wrote: > Hi Yann/Eric. > -We have ported the changes for CVE -2016-8743. into apache 2.2 on > HP-UX >But while testing we find that

[users@httpd] HTTPProtoco Options Apache 2.2

Hi Yann/Eric. -We have ported the changes for CVE -2016-8743. into apache 2.2 on HP-UX But while testing we find that HTTPProtocolOption Unsafe tested with GET /HTTP 1.0/\n\n responds with BAD Request, when it is suppose to succeed. However after making changes as