rpm/apache2
SHA256
1
0
Fork 0
forked from pool/apache2
Code Pull Requests Activity
apache2/apache2-mod_example.c
David Anes 9ac936a203 - Update to 2.4.62 
*) SECURITY: CVE-2024-40898: Apache HTTP Server: SSRF with
     mod_rewrite in server/vhost context on Windows (cve.mitre.org)
     [boo#1228098]
     SSRF in Apache HTTP Server on Windows with mod_rewrite in
     server/vhost context, allows to potentially leak NTML hashes to
     a malicious server via SSRF and malicious requests.
     Users are recommended to upgrade to version 2.4.62 which fixes
     this issue.
     Credits: Smi1e (DBAPPSecurity Ltd.)
  *) SECURITY: CVE-2024-40725: Apache HTTP Server: source code
     disclosure with handlers configured via AddType (cve.mitre.org)
     [boo#1228097]
     A partial fix for  CVE-2024-39884 in the core of Apache HTTP
     Server 2.4.61 ignores some use of the legacy content-type based
     configuration of handlers. "AddType" and similar configuration,
     under some circumstances where files are requested indirectly,
     result in source code disclosure of local content. For example,
     PHP scripts may be served instead of interpreted.
     Users are recommended to upgrade to version 2.4.62, which fixes
     this issue.
  *) mod_proxy: Fix canonicalisation and FCGI env (PATH_INFO, SCRIPT_NAME) for
     "balancer:" URLs set via SetHandler, also allowing for "unix:" sockets
     with BalancerMember(s).  PR 69168.  [Yann Ylavic]
  *) mod_proxy: Avoid AH01059 parsing error for SetHandler "unix:" URLs.
     PR 69160 [Yann Ylavic]
  *) mod_ssl: Fix crashes in PKCS#11 ENGINE support with OpenSSL 3.2.
     [Joe Orton]
  *) mod_ssl: Add support for loading certs/keys from pkcs11: URIs
     via OpenSSL 3.x providers.  [Ingo Franzki <ifranzki linux.ibm.com>]
  *) mod_ssl: Restore SSL dumping on trace7 loglevel with OpenSSL >= 3.0.
     [Ruediger Pluem, Yann Ylavic]
  *) mpm_worker: Fix possible warning (AH00045) about children processes not
     terminating timely.  [Yann Ylavic]

OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=706
2024-08-07 12:48:58 +00:00

49 lines
1.6 KiB
C
Raw Permalink Blame History

/* Include the required headers from httpd */
#include "httpd.h"
#include "http_core.h"
#include "http_protocol.h"
#include "http_request.h"
/* Define prototypes of our functions in this module */
static void register_hooks(apr_pool_t *pool);
static int example_handler(request_rec *r);
/* Define our module as an entity and assign a function for registering hooks */
module AP_MODULE_DECLARE_DATA example_module =
{
STANDARD20_MODULE_STUFF,
NULL, // Per-directory configuration handler
NULL, // Merge handler for per-directory configurations
NULL, // Per-server configuration handler
NULL, // Merge handler for per-server configurations
NULL, // Any directives we may have for httpd
register_hooks // Our hook registering function
};
/* register_hooks: Adds a hook to the httpd process */
static void register_hooks(apr_pool_t *pool)
{
/* Hook the request handler */
ap_hook_handler(example_handler, NULL, NULL, APR_HOOK_LAST);
}
/* The handler function for our module.
* This is where all the fun happens!
*/
static int example_handler(request_rec *r)
{
/* First off, we need to check if this is a call for the "example" handler.
* If it is, we accept it and do our things, it not, we simply return DECLINED,
* and Apache will try somewhere else.
*/
if (!r->handler || strcmp(r->handler, "example-handler")) return (DECLINED);
// The first thing we will do is write a simple "Hello, world!" back to the client.
ap_rputs("Hello, world!<br/>\n", r);
return OK;
}
View Git Blame Copy Permalink