Bug 63461 - HEAD request with a 404 and custom ErrorPage causes corrupt and mixed-up responses
Summary: HEAD request with a 404 and custom ErrorPage causes corrupt and mixed-up resp...
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: Core (show other bugs)
Version: 2.4.6
Hardware: Other Linux
: P2 major with 1 vote (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Depends on:
Reported: 2019-05-23 14:13 UTC by Alex
Modified: 2019-06-05 14:59 UTC (History)
1 user (show)


Note You need to log in before you can comment on or make changes to this bug.
Description Alex 2019-05-23 14:13:49 UTC
The setup uses mod_proxy and custom 404 ErrorPage that is served by Tomcat via http. When HEAD request is made to Apache and results in 404, Apache makes GET request to the custom ErrorPage url on Tomcat that is returning a fairly large html page. At this point the headers Apache returns to the original caller are all mixed-up, it seems to serve data from some other requests and it all feels like some buffer overflow, it also corrupts other http requests that are executing concurrently on the Apache instance and they start returning garbage as well. When 404 HEAD requests are stopped it all goes back to normal.
Comment 1 Ruediger Pluem 2019-05-29 06:55:35 UTC
2.4.6 is very outdated. If the binaries are delivered by e.g. a Linux distribution, please open a case / ticket with them as we do not know which patches they added on top of 2.4.6. Otherwise please try to reproduce the issue with 2.4.39. In any case if the issue persists more details about your configuration are needed. We need your proxy and errorpage configuration. Feel free to replace IP's and hostnames with dummy addresses / names.
Are there any entries in the error log?
Comment 2 Alex 2019-06-05 14:59:34 UTC
We built Apache 2.4.39 and can not reproduce the issue on that build.
We will file a new issue with RedHat. It's reproducible in "httpd-2.4.6-88.el7.centos.x86_64".