Overview

File tomcat-8.0.32-CVE-2016-5388.patch of Package tomcat.4188

Index: apache-tomcat-8.0.32-src/java/org/apache/catalina/servlets/CGIServlet.java
===================================================================
--- apache-tomcat-8.0.32-src.orig/java/org/apache/catalina/servlets/CGIServlet.java
+++ apache-tomcat-8.0.32-src/java/org/apache/catalina/servlets/CGIServlet.java
@@ -1095,6 +1095,7 @@ public final class CGIServlet extends Ht
                 //REMIND: change character set
                 //REMIND: I forgot what the previous REMIND means
                 if ("AUTHORIZATION".equalsIgnoreCase(header) ||
+		    "PROXY".equalsIgnoreCase(header) || // CVE-2016-5388
                     "PROXY_AUTHORIZATION".equalsIgnoreCase(header)) {
                     //NOOP per CGI specification section 11.2
                 } else {
openSUSE Build Service is sponsored by
Places