simono41/shellinabox
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
shellinabox/libhttp
History
KLuka 4aa0eb97e4 Disable HTTP fallback via "/plain" URL (CVE-2015-8400) 
* Disabled all methods of HTTP fallback when HTTPS is enabled. This
  is enforced on server side so that even modified client code (JS)
  can not redirect client from HTTPS to HTTP, like it was possible
  before (issue #355).
* Current solution unfortunately also disables automatic upgrade from
  HTTP to HTTPS (when available), since all non-SSL connections are
  droped immediately.
2015-12-03 17:47:26 +01:00
..
hashmap.c Use a config.h file, instead of passing configuration options on the compiler's 2009-02-11 23:25:15 +00:00
hashmap.h Updated copyright notice. 2009-01-02 06:09:13 +00:00
http.h Disable HTTP fallback via "/plain" URL (CVE-2015-8400) 2015-12-03 17:47:26 +01:00
httpconnection.c Disable HTTP fallback via "/plain" URL (CVE-2015-8400) 2015-12-03 17:47:26 +01:00
httpconnection.h Real IP recognition over proxy (partial fix #54) 2015-05-17 20:05:15 +02:00
libhttp.sym Started working on support for WebSockets. 2010-03-29 16:40:17 +00:00
server.c Disable HTTP fallback via "/plain" URL (CVE-2015-8400) 2015-12-03 17:47:26 +01:00
server.h Disable HTTP fallback via "/plain" URL (CVE-2015-8400) 2015-12-03 17:47:26 +01:00
ssl.c Disable HTTP fallback via "/plain" URL (CVE-2015-8400) 2015-12-03 17:47:26 +01:00
ssl.h Disable HTTP fallback via "/plain" URL (CVE-2015-8400) 2015-12-03 17:47:26 +01:00
trie.c Fixed a null pointer dereference that could be triggered by using non-standard 2009-07-04 08:46:28 +00:00
trie.h Updated copyright notice. 2009-01-02 06:09:13 +00:00
url.c Logging and debuging 2015-08-23 19:25:36 +02:00
url.h Improved code session and URL handling 2015-05-26 22:37:32 +02:00