[ale] old '99 bug still in latest Apache ?!

Jerry Yu jjj863 at gmail.com
Wed Dec 28 14:46:14 EST 2005


I ran into an old bug, I believe, with Apache-2.0.52-19, the latest on RHEL
4 AS or CentOS 4.1. Server returns internal error (500) when "Accept:
thousandsOfChar/gif\n" is specified in a HTTP/1.0 request. The server
handles it fine if such header is used in a HTTP/1.1 request.

 I am quite surprised this bug is still there, as such behavior is
documented in CVE as (CVE-1999-0751). Any apache directive to use to force
apache to serve http/1.1 only?  Any other get-arounds if one has to serve
http/1.0 to accomodate some older browsers?
-------------- next part --------------
An HTML attachment was scrubbed...




More information about the Ale mailing list