[ale] old '99 bug still in latest Apache ?!

Jerry Yu jjj863 at gmail.com
Thu Dec 29 11:05:44 EST 2005


I guess I'll file a bug report to Redhat/CentOS and/or Apache.

On 12/28/05, Jerald Sheets <jsheets at yahoo.com> wrote:
>
> The environment variables can help you force a 1.0 answer, but  I'm
> not sure it works in reverse.  Check Apache's Environment variable
> reference.
>
>
> Jerald M. Sheets jr.
> Sr. UNIX Systems Administrator
> The Weather Channel Interactive
> 404.293.8762
>
>
>
> On Dec 28, 2005, at 2:46 PM, Jerry Yu wrote:
>
> > I ran into an old bug, I believe, with Apache-2.0.52-19, the latest
> > on RHEL 4 AS or CentOS 4.1. Server returns internal error (500)
> > when "Accept: thousandsOfChar/gif\n" is specified in a HTTP/1.0
> > request. The server handles it fine if such header is used in a
> > HTTP/1.1 request.
> >
> >  I am quite surprised this bug is still there, as such behavior is
> > documented in CVE as (CVE-1999-0751). Any apache directive to use
> > to force apache to serve http/1.1 only?  Any other get-arounds if
> > one has to serve http/1.0 to accomodate some older browsers?
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://www.ale.org/mailman/listinfo/ale
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
>
-------------- next part --------------
An HTML attachment was scrubbed...




More information about the Ale mailing list