Manuel Martin (martin@xxxxxxxxxxxxxxxxxx) wrote:
Since 2.0.55 a reverse SSL-proxy (on Windows 2000) which I set up for MS Exchange 2003 Outlook Web Access makes problems. The users stumbled over the problem that they cannot attach files to their emails. I tried it myself: the attachment seems to be uploaded to the server, but is not "registered" by Exchange. If I downgrade to 2.0.54 + OpenSSL 0.9.8 (I changed Apache a while back to make that compilation possible) it works fine again.

I really suspect this change to be the culprit:

"SECURITY: CAN-2005-2088 (cve.mitre.org) proxy: Correctly handle the Transfer-Encoding and Content-Length headers. Discard the request Content-Length whenever T-E: chunked is used, always passing one of either C-L or T-E: chunked whenever the request includes a request body. Resolves an entire class of proxy HTTP Request Splitting/Spoofing attacks. [William Rowe]"

Has anyone run or _not_ run into this problem with this configuration?
Same problem here using apache 2.0.55 on FreeBSD 5.4.

--
Please do not feed my mailbox, Swen still does his job well
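The header rule in the quoted changelog entry, sketched as an added example that is not part of this thread and is not httpd's own code. The function name, the exception class and the sample headers in the comments are constructed; rejecting any Transfer-Encoding other than plain `chunked`, and rejecting conflicting Content-Length values, go beyond what the changelog text states.

```python
class AmbiguousFraming(ValueError):
    """Raised when the request body length cannot be determined safely."""


def normalize_request_framing(headers):
    """Decide how a proxy should frame the request body it forwards.

    headers: list of (name, value) pairs as received from the client.
    Returns (forwarded_headers, framing) where framing is "chunked",
    "length" or "none". At most one of Transfer-Encoding: chunked or
    Content-Length is forwarded, never both.
    """
    lengths, codings, passthrough = [], [], []
    for name, value in headers:
        lname = name.strip().lower()  # header names are case-insensitive
        if lname == "content-length":
            lengths.extend(v.strip() for v in value.split(","))
        elif lname == "transfer-encoding":
            codings.extend(v.strip().lower() for v in value.split(",") if v.strip())
        else:
            passthrough.append((name, value))

    if codings:
        # Assumption of this sketch: only a single "chunked" coding is accepted.
        if codings != ["chunked"]:
            raise AmbiguousFraming("unsupported Transfer-Encoding: %r" % codings)
        # Changelog rule: discard Content-Length whenever T-E: chunked is used.
        return passthrough + [("Transfer-Encoding", "chunked")], "chunked"

    if lengths:
        # Added strictness: repeated values must agree and be plain decimal.
        value = lengths[0]
        if len(set(lengths)) != 1 or not (value.isascii() and value.isdigit()):
            raise AmbiguousFraming("conflicting or invalid Content-Length: %r" % lengths)
        return passthrough + [("Content-Length", value)], "length"

    # No body framing headers at all: nothing to add.
    return passthrough, "none"


if __name__ == "__main__":
    # Constructed request carrying both headers, the ambiguous case.
    sample = [("Host", "owa.example.test"),
              ("Content-Length", "5"),
              ("Transfer-Encoding", "chunked")]
    print(normalize_request_framing(sample))
```
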