SECURITY: CVE-2010-0408 (cve.mitre.org)

mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent after request headers indicate a request body is incoming; this is not a case of HTTP_INTERNAL_SERVER_ERROR. Submitted by: Niku Toivola <niku.toivola sulake.com> Reviewed by: rpluem, jim, wrowe git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@917875 13f79535-47bb-0310-9956-ffa450edef68
author: William A. Rowe Jr <wrowe@apache.org> 2010-03-02 05:46:13 +0100
committer: William A. Rowe Jr <wrowe@apache.org> 2010-03-02 05:46:13 +0100
commit: 29525f5d2c0514611cb8c5b616fd88d6fc0ce6a0 (patch)
tree: 489fcc005f23829289865e6d884f3d112432c406 /modules/proxy/mod_proxy_ajp.c
parent: SECURITY: CVE-2010-0425 (cve.mitre.org) (diff)
download: apache2-29525f5d2c0514611cb8c5b616fd88d6fc0ce6a0.tar.xz
apache2-29525f5d2c0514611cb8c5b616fd88d6fc0ce6a0.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/modules/proxy/mod_proxy_ajp.c b/modules/proxy/mod_proxy_ajp.c
index 635ba32a89..0f5674cbec 100644
--- a/modules/proxy/mod_proxy_ajp.c
+++ b/modules/proxy/mod_proxy_ajp.c
@@ -257,7 +257,7 @@ static int ap_proxy_ajp_request(apr_pool_t *p, request_rec *r,
             ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
                          "proxy: ap_get_brigade failed");
             apr_brigade_destroy(input_brigade);
-            return HTTP_INTERNAL_SERVER_ERROR;
+            return HTTP_BAD_REQUEST;
         }
 
         /* have something */
author	William A. Rowe Jr <wrowe@apache.org>	2010-03-02 05:46:13 +0100
committer	William A. Rowe Jr <wrowe@apache.org>	2010-03-02 05:46:13 +0100
commit	29525f5d2c0514611cb8c5b616fd88d6fc0ce6a0 (patch)
tree	489fcc005f23829289865e6d884f3d112432c406 /modules/proxy/mod_proxy_ajp.c
parent	SECURITY: CVE-2010-0425 (cve.mitre.org) (diff)
download	apache2-29525f5d2c0514611cb8c5b616fd88d6fc0ce6a0.tar.xz apache2-29525f5d2c0514611cb8c5b616fd88d6fc0ce6a0.zip