Mark Thomas wrote:
Michal Vyskocil wrote:
I'm unable to locate a patch to fix the CVE-2005-2090. I cannot found
any hint from svn commit log or bugzilla.
Maybe is this commit
------------------------------------------------------------------------
r513079 | markt | 2007-03-01 01:26:12 +0100 (Čt, 01 bře 2007) | 1 line
As per RFC2616, requests with multiple content-length headers are
invalid.
Yep, that's it.
isn't it documented incorrectly then?, we dont return 400, we just grab
one of the headers.
filip
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
