Overview

File apache2-CVE-2024-38476-5.patch of Package apache2.34771

Index: httpd-2.4.23/modules/mappers/mod_actions.c
===================================================================
--- httpd-2.4.23.orig/modules/mappers/mod_actions.c
+++ httpd-2.4.23/modules/mappers/mod_actions.c
@@ -182,8 +182,10 @@ static int action_handler(request_rec *r
         return DECLINED;
 
     /* Second, check for actions (which override the method scripts) */
-    action = r->handler ? r->handler :
-        ap_field_noparam(r->pool, r->content_type);
+    action = r->handler;
+    if (!action && AP_REQUEST_IS_TRUSTED_CT(r)) {
+        action = ap_field_noparam(r->pool, r->content_type);
+    }
 
     if (action && (t = apr_table_get(conf->action_types, action))) {
         if (*t++ == '0' && r->finfo.filetype == APR_NOFILE) {
openSUSE Build Service is sponsored by
Places