[users@httpd] Re: Apache 2.0.55/win32 + OpenSSL 0.9.8a & OWA Reverse Proxy Problems

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Manuel Martin (martin@xxxxxxxxxxxxxxxxxx) wrote:

since 2.0.55 a reverse SSL-proxy (on Windows 2000) which I setup for MS
Exchange 2003 Outlook Web Access makes problems. The users stumbled over
the problem that they cannot attach files to their emails. I tried it
myself: the attachment seems to be uploaded to the server, but is not
"registered" by Exchange.
If I downgrade to 2.0.54 + OpenSSL 0.9.8 (I changed Apache while back to
make that compilation possible) it works fine again.
I really suspect this change to be the culprit:
"SECURITY: CAN-2005-2088 (cve.mitre.org)
proxy: Correctly handle the Transfer-Encoding and Content-Length
headers.  Discard the request Content-Length whenever T-E: chunked
is used, always passing one of either C-L or T-E: chunked whenever the request includes a request body. Resolves an entire class of
proxy HTTP Request Splitting/Spoofing attacks.  [William Rowe]"

Has anyone run or _not_ run into this problem with this configuration?

Same problem here using apache 2.0.55 on FreeBSD 5.4.

--
Please do not feed my mailbox, Swen still does his job well


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux