PHP :: Bug #20517 :: Reopening bug #19113

Bug #20517	Reopening bug #19113
Submitted:	2002-11-20 07:37 UTC	Modified:	2003-03-07 11:04 UTC
From:	daniel dot gorski at develnet dot org	Assigned:
Status:	Not a bug	Package:	Apache related
PHP Version:	4.3.0RC1	OS:	RH Linux
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2002-11-20 07:37 UTC] daniel dot gorski at develnet dot org

The *critical* error described in #19113 still exists in 4.3.0RC1. Misuse of HTTPs CONNECT-header allows tunneling and relaying of various services (like e.g. SMTP in intranets).

There are thousands of open relays outside due to this bug.

regards dtg

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-11-20 07:41 UTC] sander@php.net

I've reopened the report.

[2003-03-07 11:04 UTC] sniper@php.net

(not real bug report, thus bogus)

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sun Jun 02 08:01:31 2024 UTC