17 lines
430 B
Diff
17 lines
430 B
Diff
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-5387
|
|
|
|
--- httpd-2.4.18/server/util_script.c.cve5387
|
|
+++ httpd-2.4.18/server/util_script.c
|
|
@@ -195,6 +195,10 @@
|
|
}
|
|
}
|
|
#endif
|
|
+ else if (!strcasecmp(hdrs[i].key, "Proxy")) {
|
|
+ /* Don't pass through HTTP_PROXY */
|
|
+ continue;
|
|
+ }
|
|
else
|
|
add_unless_null(e, http2env(r, hdrs[i].key), hdrs[i].val);
|
|
}
|