Incomplete fix for CVE-2012-4558 has been localized in revision 1413732

mod_proxy_balancer.c
----------
    if (wsel && bsel) {
        ap_rputs("<h3>Edit worker settings for ", r);
        ap_rvputs(r, (*wsel->s->uds_path?"<i>":""), ap_proxy_worker_name(r->pool, wsel), (*wsel->s->uds_path?"</i>":""), "</h3>\n", NULL);
        ap_rputs("<form method=\"POST\" enctype=\"application/x-www-form-urlencoded\" action=\"", r);
        ap_rvputs(r, ap_escape_uri(r->pool, action), "\">\n", NULL);
----------
ap_escape_uri() has been added to the variable 'action', but in the code there is another use of 'action'
----------
    } else if (bsel) {
        const apr_array_header_t *provs;
        const ap_list_provider_names_t *pname;
        int i;
        ap_rputs("<h3>Edit balancer settings for ", r);
        ap_rvputs(r, bsel->s->name, "</h3>\n", NULL);
        ap_rputs("<form method='POST' enctype='application/x-www-form-urlencoded' action='", r);
        ap_rvputs(r, action, "'>\n", NULL);
----------
Should this be patched?

BR,
Maksymilian
cifrex.org
Thanks for the pointer. Fixed in r1595305 in trunk.
Does this new fix have any security impact?
Backported to 2.4.x as r1603141
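Added example, not part of the thread and not httpd's source: a stand-alone C sketch of why the second, unescaped use of 'action' matters, rendering the single-quoted form tag from the "else if (bsel)" branch with and without encoding at the sink. The names escape_uri() and form_tag(), the encoding policy and the sample input are assumptions made for illustration; ap_escape_uri() may encode a different character set.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for ap_escape_uri() (not httpd's code): percent-encode
 * every byte except RFC 3986 unreserved characters and '/'.
 * Returns the number of bytes written, or -1 if dst is too small. */
static int escape_uri(const char *src, char *dst, size_t dstlen)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t o = 0;
    if (dstlen == 0) return -1;
    for (; *src; src++) {
        unsigned char c = (unsigned char)*src;
        int safe = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                   (c >= '0' && c <= '9') || strchr("-._~/", c) != NULL;
        if (o + (safe ? 1 : 3) >= dstlen) return -1;  /* keep room for NUL */
        if (safe) {
            dst[o++] = (char)c;
        } else {
            dst[o++] = '%'; dst[o++] = hex[c >> 4]; dst[o++] = hex[c & 15];
        }
    }
    dst[o] = '\0';
    return (int)o;
}

/* Emit the opening <form> tag with single-quoted attributes, as in the
 * "else if (bsel)" branch. escape != 0 encodes 'action' at the sink. */
static int form_tag(const char *action, int escape, char *out, size_t outlen)
{
    char enc[512];
    if (escape) {
        if (escape_uri(action, enc, sizeof enc) < 0) return -1;
        action = enc;
    }
    int n = snprintf(out, outlen, "<form method='POST' action='%s'>\n", action);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

int main(void)
{
    const char *action = "/balancer-manager/a'b<c>";  /* constructed input */
    char raw[1024], fixed[1024];
    form_tag(action, 0, raw, sizeof raw);      /* quote ends the attribute early */
    form_tag(action, 1, fixed, sizeof fixed);  /* quote and brackets become %XX */
    printf("unescaped: %sescaped:   %s", raw, fixed);
    return 0;
}
```

In the unescaped output the attribute value ends at the first quote in the input, so the rest of the value is parsed as markup; every place a request-derived value is written into the page needs its own encoding call, which is what the report asks for.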