RFC7230 section 3.2.6 (https://tools.ietf.org/html/rfc7230#section-3.2.6 )
defines a HTTP header field as:
header-field = field-name ":" OWS field-value OWS
field-name = token
and
token = 1*tchar
tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*"
/ "+" / "-" / "." / "^" / "_" / "`" / "|" / "~"
/ DIGIT / ALPHA
; any VCHAR, except delimiters
I believe Apache 2.2.32 fails to comply with the above definition for a single
character request header. Apache 2.4.25 on the other hand accepts these
requests just fine.
------------------------------------------------
GET / HTTP/1.1
Host: dw00043.dweb.intranet.db.com
t: testalpha
------------------------------------------------
------------------------------------------------
GET / HTTP/1.1
Host: dw00043.dweb.intranet.db.com
0: testnum
------------------------------------------------
Is this a bug, and is there a chance of fixing it in 2.2.32 ?
---
This e-mail may contain confidential and/or privileged information. If you are
not the intended recipient (or have received this e-mail in error) please
notify the sender immediately and delete this e-mail. Any unauthorized copying,
disclosure or distribution of the material in this e-mail is strictly forbidden.
Please refer to https://www.db.com/disclosures for additional EU corporate and
regulatory disclosures and to
http://www.db.com/unitedkingdom/content/privacy.htm for information about
privacy.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
