CVE-2016-5387 패치
APACHE
작성자
nstor
작성일
2016-08-12 03:25
조회
2228
[root@localhost SOURCES]# cat httpd-2.2.15-CVE-2016-5387.patch
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-5387
--- httpd-2.2.15/server/util_script.c.cve5387
+++ httpd-2.2.15/server/util_script.c
@@ -176,6 +176,10 @@
continue;
}
#endif
+ else if (!strcasecmp(hdrs[i].key, "Proxy")) {
+ /* Don't pass through HTTP_PROXY */
+ continue;
+ }
else {
apr_table_addn(e, http2env(r->pool, hdrs[i].key), hdrs[i].val);
}
httpd 소스에 패치를 실행합니다.
[root@localhost httpd-2.2.31]# patch -p1 < httpd-2.2.15-CVE-2016-5387.patch
patching file server/util_script.c
아래부분은 패치 적용된 부분입니다.
[root@localhost httpd-2.2.31]# diff server/util_script.c.orig server/util_script.c
178a179,182
> else if (!strcasecmp(hdrs[i].key, "Proxy")) {
> /* Don't pass through HTTP_PROXY */
> continue;
> }
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-5387
--- httpd-2.2.15/server/util_script.c.cve5387
+++ httpd-2.2.15/server/util_script.c
@@ -176,6 +176,10 @@
continue;
}
#endif
+ else if (!strcasecmp(hdrs[i].key, "Proxy")) {
+ /* Don't pass through HTTP_PROXY */
+ continue;
+ }
else {
apr_table_addn(e, http2env(r->pool, hdrs[i].key), hdrs[i].val);
}
httpd 소스에 패치를 실행합니다.
[root@localhost httpd-2.2.31]# patch -p1 < httpd-2.2.15-CVE-2016-5387.patch
patching file server/util_script.c
아래부분은 패치 적용된 부분입니다.
[root@localhost httpd-2.2.31]# diff server/util_script.c.orig server/util_script.c
178a179,182
> else if (!strcasecmp(hdrs[i].key, "Proxy")) {
> /* Don't pass through HTTP_PROXY */
> continue;
> }
