Mailing List Archive

svn propchange: r1916777 - svn:log
Author: covener
Revision: 1916777
Modified property: svn:log

Modified: svn:log at Thu Apr 4 14:03:35 2024
------------------------------------------------------------------------------
--- svn:log (original)
+++ svn:log Thu Apr 4 14:03:35 2024
@@ -1,5 +1,17 @@
let httpd handle CL/TE for non-http handlers

backport r1916769 from trunk:
+
+ *) SECURITY: CVE-2024-24795: Apache HTTP Server: HTTP Response
+ Splitting in multiple modules (cve.mitre.org)
+ HTTP Response splitting in multiple modules in Apache HTTP
+ Server allows an attacker that can inject malicious response
+ headers into backend applications to cause an HTTP
+ desynchronization attack.
+ Users are recommended to upgrade to version 2.4.59, which fixes
+ this issue.
+ Credits: Keran Mu, Tsinghua University and Zhongguancun
+ Laboratory.
+
Submitted By: ylavic, covener
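
Review bot: The added CVE-2024-24795 entry says "multiple modules" without naming any of them and never connects the advisory to the change in the subject line ("let httpd handle CL/TE for non-http handlers"), so someone reading this log cannot tell which handlers the backport covers. Consider adding one sentence to the entry stating that the fix has httpd take over Content-Length/Transfer-Encoding handling for non-http handlers, and listing the affected modules. The "(cve.mitre.org)" parenthetical on the title line reads like a leftover source tag from the CVE feed and could be dropped.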