Uploaded image for project: 'DSpace'
  1. DSpace
  2. DS-1608

Apache HTTPD 2.4.2 in front of Tomcat leads to response mixups

    Details

    • Type: Documentation
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.0
    • Component/s: None
    • Labels:
    • Environment:
      Windows
    • Attachments:
      0
    • Comments:
      1
    • Documentation Status:
      Complete or Committed

      Description

      When using Apache 2.4.2 (and lower) in front of a DSpace webapp deployed in Tomcat, mod_proxy_ajp and possibly mod_proxy_http breaks the connection to the back end (Tomcat) prematurely leading to response mixups. This is reported as bug CVE-2012-3502 (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3502) of Apache en fixed in Apache 2.4.3 (see http://www.apache.org/dist/httpd/CHANGES_2.4). The 2.2.x branch hasn't shown this problem only the 2.4.x branch has.

      Recommend updating the documentation with a warning.

        Attachments

          Activity

            People

            • Assignee:
              helix84 Ivan Masár
              Reporter:
              rdillen Roeland Dillen
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: