Bug 1420104
Summary: | request contains solely FL on the end of the lines triggers bad request | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Jan Houska <jhouska> |
Component: | httpd | Assignee: | Luboš Uhliarik <luhliari> |
Status: | CLOSED NOTABUG | QA Contact: | BaseOS QE - Apps <qe-baseos-apps> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 6.9 | CC: | jhouska, jorton, luhliari |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-02-07 20:39:05 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Jan Houska
2017-02-07 20:22:51 UTC
Being relaxed in what is accepted here is a vulnerability, CVE-2016-8743, and hence that is being changed by default. The option: HttpProtocolOptions unsafe has been added, which can be used to restore the old behaviour. http://httpd.apache.org/docs/2.4/mod/core.html#httpprotocoloptions Explanation is sufficient. |