站内搜索: 请输入搜索关键词

当前页面: 开发资料首页业界新闻Apache HTTP Server 2.0.55 版本发布

Apache HTTP Server 2.0.55 版本发布

摘要: Apache HTTPD 开发小组宣布发布 Apache HTTP Server 2.0.55 版本.新版本主要是做了安全上的一些改进, 修改了一些潜在的安全威胁.
Apache HTTPD 开发小组宣布发布 Apache HTTP Server 2.0.55 版本

新版本主要是做了安全上的一些改进, 修改了一些潜在的安全威胁.

Apache提到主要有以下几点:

CAN-2005-2088 (cve.mitre.org)
core: If a request contains both Transfer-Encoding and Content-Length headers, remove the Content-Length.

proxy_http: Correctly handle the Transfer-Encoding and Content-Length request headers. Discard the request Content-Length whenever chunked T-E is used, always passing one of either C-L or T-E chunked whenever the request includes a request body.

Unassigned
proxy_http: If a response contains both Transfer-Encoding and a Content-Length, remove the Content-Length and don't reuse the connection.

CAN-2005-2700 (cve.mitre.org)
mod_ssl: Fix a security issue where "SSLVerifyClient" was not enforced in per-location context if "SSLVerifyClient optional" was configured in the vhost configuration.

CAN-2005-2491 (cve.mitre.org)
pcre: Fix integer overflows in PCRE in quantifier parsing which could be triggered by a local user through use of a carefully crafted regex in an .htaccess file.

CAN-2005-2728 (cve.mitre.org)
Fix cases where the byterange filter would buffer responses into memory.

CAN-2005-1268 (cve.mitre.org)
mod_ssl: Fix off-by-one overflow whilst printing CRL information at "LogLevel debug" which could be triggered if configured to use a "malicious" CRL.

下载最新版本:
http://httpd.apache.org/download.cgi
↑返回目录
前一篇: Web App Framework-RIFE 1.2 新版发布
后一篇: 腾讯收购网游开发运营商深圳网域19.9%股权