[Bug 1226217] Regression of security fix: Apache ignores headers sent by CGI scripts
https://bugzilla.suse.com/show_bug.cgi?id=1226217
https://bugzilla.suse.com/show_bug.cgi?id=1226217#c6
--- Comment #6 from David Anes
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:126.0) Gecko/20100101 Firefox/126.0 Build Identifier:
A CGI script sents Status: 200 OK\r\n Content-Length: 422264\r\n Content-type: application/octet-stream\r\n Connection: close\r\n\rn ...data
the Apache sends HTTP/1.1 200 OK\r\n Date: Wed, 12 Jun 2024 11:24:45 GMT\r\n Server: Apache\r\n Connection: close\r\n Transfer-Encoding: chunked\r\n Content-Type: application/octet-stream\r\n\r\n
This is missing the content length. This again breaks the client software relying on the content length.
Dirk, to speed up things while I setup everything, can you send us the same information (a sample for headers in/out of the http requests) using the downgraded version that works for you? Thank you. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com