Bug 98916
Summary: | Listen statement in ssl.conf allows IPv4-mapped IPv6 addresses | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | Joe Orton <jorton> |
Component: | httpd | Assignee: | Joe Orton <jorton> |
Status: | CLOSED NOTABUG | QA Contact: | Brian Brock <bbrock> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 9 | CC: | dr, mitr, mjc |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2003-08-25 18:00:39 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Joe Orton
2003-07-10 11:52:36 UTC
This affects non-SSL connections, the default httpd.conf has the same problem: Listen 80 The theory was sound but the testing wasn't, there is code in 2.0 to deal with this correctly; an "allow" or "deny" restriction based on an IPv4 address or subnet is tested against IPv4-mapped IPv6 addresses in the expected manner. |