[1576] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: Inventory files bug now in SERVER_PROTOCOL

daemon@ATHENA.MIT.EDU (Marc Slemko)
Fri Jun 20 10:34:07 1997

Date: Fri, 20 Jun 1997 08:07:58 -0600 (MDT)
From: Marc Slemko <marcs@znep.com>
To: linux-security@redhat.com
In-Reply-To: <3397D0FC.6F849164@usa.net>
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

On Fri, 6 Jun 1997, Jason Uhlenkott wrote:

> Sorry if this has already been discovered.  I just read about the
> test-cgi bug in which all files on the system could be inventoried if a
> * was put in the QUERY_STRING.  I'm running Apache/1.2b11, which has the
> QUERY_STRING problem fixed, but the same problem seems to exist in
> SERVER_PROTOCOL.
> 

That problem has not been there since at least 1.2b2.  Please verify
exactly _what_ code you are running before reporting something as a bug.
Obviously, if you don't upgrade test-cgi when you upgrade your version of
Apache, then old bugs will still be there.

[mod: Red Hat 4.2 ships with Apache/1.1.3 -- REW]

-- 
     Marc Slemko     | Apache team member
     marcs@znep.com  | marc@apache.org


home help back first fref pref prev next nref lref last post