2022-06-23 06:26:30 |
Tolga Özgan |
bug |
|
|
added bug |
2022-06-23 06:27:49 |
Tolga Özgan |
description |
Hi There,
we have also an Ubuntu 14.04 with ESM. The Apache is used as a reverse proxy for localhost micro-services. Up until version 2.4.7-1ubuntu4.22+esm5 it was working correctly. We can see that the content (body) of the proxied requests are removed and the "Content-length" header is set to 0. WE can see this via tcpdump. There is only one virtual host (plus the redirect http to https)
We had to roll back the change to an available earlier version (2.4.7-1ubuntu4.22 amd64) and everything is working again. This is a production server so it has also a security impact...
Please investigate.
I can provide further information if needed.
Thank you very much |
Hi There,
we have also an Ubuntu 14.04 with ESM. The Apache is used as a reverse proxy for localhost micro-services. Up until version 2.4.7-1ubuntu4.22+esm5 which was applied yesterday, it was working correctly. We can see that the content (body) of the proxied requests are removed and the "Content-length" header is set to 0. WE can see this via tcpdump. There is only one virtual host (plus the redirect http to https)
We had to roll back the change to an available earlier version (2.4.7-1ubuntu4.22 amd64) and everything is working again. This is a production server so it has also a security impact...
Please investigate.
I can provide further information if needed.
Thank you very much |
|
2022-06-23 06:28:04 |
Tolga Özgan |
description |
Hi There,
we have also an Ubuntu 14.04 with ESM. The Apache is used as a reverse proxy for localhost micro-services. Up until version 2.4.7-1ubuntu4.22+esm5 which was applied yesterday, it was working correctly. We can see that the content (body) of the proxied requests are removed and the "Content-length" header is set to 0. WE can see this via tcpdump. There is only one virtual host (plus the redirect http to https)
We had to roll back the change to an available earlier version (2.4.7-1ubuntu4.22 amd64) and everything is working again. This is a production server so it has also a security impact...
Please investigate.
I can provide further information if needed.
Thank you very much |
Hi There,
we have also an Ubuntu 14.04 with ESM. The Apache is used as a reverse proxy for localhost micro-services. Until version 2.4.7-1ubuntu4.22+esm5 which was applied yesterday, it was working correctly. We can see that the content (body) of the proxied requests are removed and the "Content-length" header is set to 0. WE can see this via tcpdump. There is only one virtual host (plus the redirect http to https)
We had to roll back the change to an available earlier version (2.4.7-1ubuntu4.22 amd64) and everything is working again. This is a production server so it has also a security impact...
Please investigate.
I can provide further information if needed.
Thank you very much |
|
2022-06-23 06:31:58 |
Tolga Özgan |
description |
Hi There,
we have also an Ubuntu 14.04 with ESM. The Apache is used as a reverse proxy for localhost micro-services. Until version 2.4.7-1ubuntu4.22+esm5 which was applied yesterday, it was working correctly. We can see that the content (body) of the proxied requests are removed and the "Content-length" header is set to 0. WE can see this via tcpdump. There is only one virtual host (plus the redirect http to https)
We had to roll back the change to an available earlier version (2.4.7-1ubuntu4.22 amd64) and everything is working again. This is a production server so it has also a security impact...
Please investigate.
I can provide further information if needed.
Thank you very much |
Hi There,
we have an Ubuntu 14.04 with ESM. The Apache is used as a reverse proxy for localhost micro-services. Until version 2.4.7-1ubuntu4.22+esm5 which was applied yesterday, it was working correctly. We can see that the content (body) of the proxied requests are removed and the "Content-length" header is set to 0. WE can see this via tcpdump. There is only one virtual host (plus the redirect http to https)
We had to roll back the change to an available earlier version (2.4.7-1ubuntu4.22 amd64) and everything is working again. This is a production server so it has also a security impact...
Please investigate.
I can provide further information if needed.
Thank you very much |
|
2022-06-24 09:33:05 |
Utkarsh Gupta |
bug |
|
|
added subscriber Ubuntu Security Team |
2022-06-27 10:56:37 |
Paride Legovini |
apache2 (Ubuntu): status |
New |
Incomplete |
|
2022-07-14 01:46:54 |
Seth Arnold |
apache2 (Ubuntu): status |
Incomplete |
Fix Released |
|