RFC7230 section 3.2.6 (https://tools.ietf.org/html/rfc7230#section-3.2.6 ) defines a HTTP header field as:
header-field = field-name ":" OWS field-value OWS
field-name = token
and
token = 1*tchar
tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*"
/ "+" / "-" / "." / "^" / "_" / "`" / "|" / "~"
/ DIGIT / ALPHA
; any VCHAR, except delimiters
I believe Apache 2.2.32 fails to comply with the above definition for a single character request header. Apache 2.4.25 on the other hand accepts these requests just fine.
------------------------------------------------
GET / HTTP/1.1
Host: dw00043.dweb.intranet.db.com
t: testalpha
------------------------------------------------
------------------------------------------------
GET / HTTP/1.1
Host: dw00043.dweb.intranet.db.com
0: testnum
------------------------------------------------
Is this a bug, and is there a chance of fixing it in 2.2.32 ?
---
This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and delete this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
Please refer to https://www.db.com/disclosures for additional EU corporate and regulatory disclosures and to http://www.db.com/unitedkingdom/content/privacy.htm for information about privacy.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|