Bug
Resolution: Not a Bug
Critical
rhel-9.6
Low
rhel-stacks-web-servers
x86_64
What were you trying to do that didn't work?
Send a request directly to Tomcat/JBoss with multiple separate Content-Disposition headers and the servlet request.getHeader can return a list of each header value separately:
Content-Disposition: filename=test.txt
Content-Disposition: filename*=UTF-8''test.txt
Proxy such a request through httpd, and the Content-Disposition headers are merged as a comma separated value.
What is the impact of this issue to you?
This can break the backend destination app that can now just return a single header value of "filename=test.txt, filename*=UTF-8''test.txt", which isn't really a valid Content-Disposition value. As per RFC 6266 (https://datatracker.ietf.org/doc/html/rfc6266#section-4.1), the syntax of the Content-Disposition header does not use commas as delimiters between parameters. It should use semi-colons instead as a delimiter so each field is one disposition-type; param1=value1; param2=value2 string.
A workaround can be to use mod_headers to change the , in the merged header to a ;
RequestHeader edit Content-Disposition "(.*), (.*)" "$1; $2"
Please provide the package NVR for which the bug is seen:
2.4.62-4.el9
How reproducible is this bug?:
Always
Steps to reproduce
- Send a request with multiple Content-Disposition headers to httpd and they will be merged in this way
Expected results
httpd merges Content-Disposition header values with a semi-colon delimiter
Actual results
httpd merges Content-Disposition header values with a comma delimiter
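The following is an added example, not part of the original report or of httpd: a Python emulation of the mod_headers workaround above, run over the merged value from the report plus two constructed edge cases (three merged headers, and a single header whose quoted filename contains a comma). It assumes httpd joins repeated values with ", " as the report describes, uses Python's `re` as a stand-in for httpd's regex engine, and the `split_outside_quotes` and `normalize` helpers are hypothetical names for a quote-aware repair on the backend side.

```python
import re

def httpd_merge(values):
    # Assumption taken from the report: repeated values are joined with ", ".
    return ", ".join(values)

def workaround_edit(value):
    # Emulates: RequestHeader edit Content-Disposition "(.*), (.*)" "$1; $2"
    # "edit" rewrites only the first regex match; Python's re stands in for
    # httpd's regex engine here.
    return re.sub(r"(.*), (.*)", r"\1; \2", value, count=1)

def split_outside_quotes(value):
    # Hypothetical helper: split on commas that are not inside a quoted-string.
    parts, buf, in_quotes, escaped = [], [], False, False
    for ch in value:
        if escaped:
            escaped = False
        elif ch == "\\" and in_quotes:
            escaped = True
        elif ch == '"':
            in_quotes = not in_quotes
        elif ch == "," and not in_quotes:
            parts.append("".join(buf).strip())
            buf = []
            continue
        buf.append(ch)
    parts.append("".join(buf).strip())
    return [p for p in parts if p]

def normalize(value):
    # Hypothetical backend-side repair: rejoin the merged pieces with "; ".
    return "; ".join(split_outside_quotes(value))

# Constructed sample values (the first pair is the one in the report).
TWO = httpd_merge(["filename=test.txt", "filename*=UTF-8''test.txt"])
THREE = httpd_merge(["attachment", "filename=test.txt", "filename*=UTF-8''test.txt"])
QUOTED = 'attachment; filename="a, b.txt"'  # one header, comma inside quotes

if __name__ == "__main__":
    for value in (TWO, THREE, QUOTED):
        print("in:        ", value)
        print("workaround:", workaround_edit(value))
        print("normalize: ", normalize(value))
```

With three merged values the greedy pattern rewrites only the last comma, and with the quoted filename it rewrites a comma that was never a merge delimiter, so the workaround is only reliable for the exact two-header case in the report.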