Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP3:Update
apache2-mod_wsgi-python3
CVE-2022-2255.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2022-2255.patch of Package apache2-mod_wsgi-python3
From af3c0c2736bc0b0b01fa0f0aad3c904b7fa9c751 Mon Sep 17 00:00:00 2001 From: Graham Dumpleton <Graham.Dumpleton@gmail.com> Date: Mon, 18 Jul 2022 12:29:38 +1000 Subject: [PATCH] Add fix to ensure that X-Client-IP header is dropped when is not a trusted header. --- src/server/mod_wsgi.c | 1 + 1 file changed, 1 insertion(+) Index: mod_wsgi-4.5.18/src/server/mod_wsgi.c =================================================================== --- mod_wsgi-4.5.18.orig/src/server/mod_wsgi.c +++ mod_wsgi-4.5.18/src/server/mod_wsgi.c @@ -13643,6 +13643,7 @@ static void wsgi_process_proxy_headers(r value = apr_table_get(r->subprocess_env, name); if (!strcmp(name, "HTTP_X_FORWARDED_FOR") || + !strcmp(name, "HTTP_X_CLIENT_IP") || !strcmp(name, "HTTP_X_REAL_IP")) { match_client_header = 1;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
