Summary: | mod_proxy_ajp: mixed up response after client connection abort | ||
---|---|---|---|
Product: | Apache httpd-2 | Reporter: | Yap Sok Ann <sokann> |
Component: | mod_proxy_ajp | Assignee: | Apache HTTPD Bugs Mailing List <bugs> |
Status: | RESOLVED FIXED | ||
Severity: | critical | Keywords: | FixedInTrunk |
Priority: | P2 | ||
Version: | 2.4.2 | ||
Target Milestone: | --- | ||
Hardware: | PC | ||
OS: | Linux |
Description
Yap Sok Ann
2012-08-16 05:41:34 UTC
Actually, step 4 and 5 are just red herring. I can reproduce the bug without enabling mod_deflate and with a normal Firefox. (In reply to comment #1) > Actually, step 4 and 5 are just red herring. I can reproduce the bug without > enabling mod_deflate and with a normal Firefox. Which version of Tomcat did you use? Any changes to the default configuration of the Tomcat AJP connector or (apart from the mentioned one ProxyPass line) to mod_proxy configuration? Could you please provide your Tomcat server.xml? Can you reproduce with the Tomcat standard ROOT context plus a slow.jsp with the following contents? <%Thread.sleep(4000);%> Done. Regards, Rainer This was assigned CVE-2012-3507. It has been fixed in r1373955 for trunk and r1374297 for 2.4.x and was released today with version 2.4.3. Not 2.2 version is affected. Oups, I meant CVE-2012-3502. |