PHP :: Bug #20517 :: Reopening bug #19113

Bug #20517	Reopening bug #19113
Submitted:	2002-11-20 07:37 UTC	Modified:	2003-03-07 11:04 UTC
From:	daniel dot gorski at develnet dot org	Assigned:
Status:	Not a bug	Package:	Apache related
PHP Version:	4.3.0RC1	OS:	RH Linux
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	daniel dot gorski at develnet dot org
New email:
PHP Version:		OS:

New Comment:

[2002-11-20 07:37 UTC] daniel dot gorski at develnet dot org

The *critical* error described in #19113 still exists in 4.3.0RC1. Misuse of HTTPs CONNECT-header allows tunneling and relaying of various services (like e.g. SMTP in intranets).

There are thousands of open relays outside due to this bug.

regards dtg

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-11-20 07:41 UTC] sander@php.net

I've reopened the report.

[2003-03-07 11:04 UTC] sniper@php.net

(not real bug report, thus bogus)

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2026 The PHP Group All rights reserved.	Last updated: Wed Feb 04 02:00:01 2026 UTC