RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 684311 - Your browser sent a request that this server could not understand. Request header field is missing ':' separator.
Summary: Your browser sent a request that this server could not understand. Request he...
Keywords:
Status: CLOSED INSUFFICIENT_DATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: httpd
Version: 6.0
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: rc
: ---
Assignee: Joe Orton
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-03-11 18:23 UTC by robert
Modified: 2011-09-16 08:22 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of: 624609
Environment:
Last Closed: 2011-09-16 08:22:14 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description robert 2011-03-11 18:23:57 UTC 
+++ This bug was initially created as a clone of Bug #624609 +++

Description of problem:

Lately, I've started getting a lot of “Request header field is missing ':' separator.” when accessing my fedora-hosted webmail

It seems a bug has been introduced apache-side or squirrelmail-side

I had some problem occurrences using various versions of firefox (linux and windows), and even a few times when using Links

Version-Release number of selected component (if applicable):
httpd-2.2.16-1.fc14

--- Additional comment from nicolas.mailhot on 2010-08-17 04:38:58 EDT ---

Created attachment 439071 [details]
Exemple of problem exchange captured by live http headers extension client-side

The error generated in the right pane was:

Bad Request

Your browser sent a request that this server could not understand.
Request header field is missing ':' separator.

pEyPnEsB%2B4

Apache Server at myserver.com Port 443

--- Additional comment from jorton on 2010-08-17 05:23:53 EDT ---

This is seen over SSL?

--- Additional comment from nicolas.mailhot on 2010-08-17 08:31:28 EDT ---

Yes, this is an https access

--- Additional comment from nicolas.mailhot on 2010-08-17 08:32:16 EDT ---

(you have all the traces and URLs used in the attached capture)

--- Additional comment from jorton on 2010-08-17 08:59:26 EDT ---

Can you try this build:

http://koji.fedoraproject.org/koji/taskinfo?taskID=2406801

it pulls in one bug fix from upstream.

--- Additional comment from nicolas.mailhot on 2010-08-17 13:32:40 EDT ---

I'll test this one now.

--- Additional comment from nicolas.mailhot on 2010-08-19 12:41:27 EDT ---

Seems fixed, many thanks

--- Additional comment from sandro.bonazzola on 2010-10-08 10:14:24 EDT ---

The package is still not in Fedora 14: latest httpd available is built 26/07/2010. The fix according to http://koji.fedoraproject.org/koji/taskinfo?taskID=2406801
 is dated Tue, 17 Aug 2010.

It isn't in fedora repo or in updates-testing repo. Can anybody push this to the repository?

--- Additional comment from bugzilla_redhat on 2010-10-26 16:26:58 EDT ---

Could you please push this fix in bodhi, so we can get it in F14 as a 0-day update?

Many thanks.

--- Additional comment from jorton on 2010-10-27 06:06:40 EDT ---

Sorry, yes, this bug shouldn't have been closed out.  I'm building 2.2.17 for f14 updates which has this fix.

--- Additional comment from jorton on 2010-10-27 06:07:15 EDT ---

*** Bug 646704 has been marked as a duplicate of this bug. ***

--- Additional comment from updates on 2010-10-27 06:15:36 EDT ---

httpd-2.2.17-1.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/httpd-2.2.17-1.fc14

--- Additional comment from updates on 2010-10-28 01:58:45 EDT ---

httpd-2.2.17-1.fc14 has been pushed to the Fedora 14 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update httpd'.  You can provide feedback for this update here: https://admin.fedoraproject.org/updates/httpd-2.2.17-1.fc14

--- Additional comment from jorton on 2010-10-29 06:34:40 EDT ---

*** Bug 640959 has been marked as a duplicate of this bug. ***

--- Additional comment from updates on 2010-11-08 17:35:26 EST ---

httpd-2.2.17-1.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.


====================================================

This bug also occurs on RHEL6 (httpd-2.2.15)
Comment 2 Joe Orton 2011-03-12 15:13:10 UTC 
The Fedora bug to which this corresponds is caused by an overlapping memcpy() in mod_ssl.  This issue was triggered by a change in glibc which meant an overlapping memcpy now causes data corruption - see bug 638477 for background.

The particular change in the glibc memcpy is not present in the RHEL 6 glibc, and this issue is not known to be reproducible in the RHEL 6 httpd.

Please:

a) describe exactly the symptoms you are seeing, and describe how you can reproduce them.

b) confirm the version of glibc you are using.

Please note that bugzilla is not a support tool and customers should contact Red Hat Technical Support in the first instance with any questions or issues you are having with the software; see:

  http://www.redhat.com/support/process/

for more information.
Comment 3 robert 2011-03-14 09:06:59 UTC 
Symptoms :
When accessing pages through SSL, I receive sometimes :

     Bad Request

     Your browser sent a request that this server could not understand.
     Request header field is missing ':' separator.

     olhuaqv3o1t29flvr0

It happens not often at the beginning, but it becomes worst if the server stays running for some time.  A simple 'refresh' of the page often succeed.

Disabling "mod_rewrite" (found on forums) seems to remove the problem, but it's hard to be sure as the problem does not always occur...

Currently, I solved the problem by compiling the httpd-2.2.17 source rpm for FC13, which seems to work normally without this issue, with the exact same configuration...

GLIBC : glibc-2.12-1.7.el6_0.3.i686
Comment 4 RHEL Program Management 2011-04-04 02:10:41 UTC 
Since RHEL 6.1 External Beta has begun, and this bug remains
unresolved, it has been rejected as it is not proposed as
exception or blocker.

Red Hat invites you to ask your support representative to
propose this request, if appropriate and relevant, in the
next release of Red Hat Enterprise Linux.
Comment 5 Joe Orton 2011-05-31 14:43:51 UTC 
Is this still reproducible with 2.2.15-9?
Comment 6 Joe Orton 2011-09-16 08:22:14 UTC 
If you have a reproduction case with the latest updates, please re-open.
Note You need to log in before you can comment on or make changes to this bug.