httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 8416] - Long paths in request are prematurely rejected
Date Tue, 23 Apr 2002 16:18:06 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8416>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8416

Long paths in request are prematurely rejected

wrowe@apache.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX



------- Additional Comments From wrowe@apache.org  2002-04-23 16:18 -------

  This is correct behavior.  When the files were identified as non-existant,
  those paths introduced security holes.  To go from existant to non-existant,
  all one needed were additional slashes in the path.  Exploits included serving
  an autoindex pages that would otherwise should have served an index document.

  For security, Apache denies access when the path exceeds the max path length.
  This behavior is by design.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message