httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [Bug 57580] Perl code in "User-Agent" field is being executed and causing an exploit
Date Fri, 13 Feb 2015 03:27:34 GMT

D. Stussy <> changed:

           What    |Removed                     |Added
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |---

--- Comment #2 from D. Stussy <> ---
Maybe so, but regardless of the fix in BASH, the Apache HTTPD server should
still not be passing the value to a(ny) command interpreter - and THAT is a bug
in this software.

Relying on a patch in software under different authorship is akin to "security
via obscurity" -- it is NOT a fix.  The HTTPD server is cooperating with
another program to cause the exploit, which means that BOTH programs should be
fixed, even if fixing the other by itself closes the exploit.

You are receiving this mail because:
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message