httpd-bugs mailing list archives

From bugzi...@apache.org
Subject [Bug 61388] unescaped %0A (\n) within a RewriteMap prg: result can show other users requested sites
Date Mon, 07 Aug 2017 17:06:49 GMT
https://bz.apache.org/bugzilla/show_bug.cgi?id=61388

--- Comment #4 from tom.tao@protonmail.com ---
For me, it's no problem any more, since it was easy to fix in the mapping prg,
once I found the cause of the problem (which was rather painful due to millions
of accesses to this webserver).

I wanted to report this bug, because I think it is privacy-related. One bad guy
could get access to other users' websites just by submitting a %0A URL to a
server running mod_rewrite (and of course hoping the rewritemap prg (if one is
used) does not think about limiting its output). And I'm sure there are many
Apaches < 2.4.26 out there.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
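The failure mode described in the comment above, modelled as an added example that is not part of the original message or of httpd: a `prg:` map answers one newline-terminated line per lookup, so a key carrying a decoded %0A can leave an extra response in the pipe for the next request to read. The paths, `SITES`, `MapChannel` and both program functions are constructed for illustration, and the hardened variant assumes the program sees each lookup as a single read.

```python
from collections import deque

# Constructed map data: request path -> site root.
SITES = {"/alice": "/srv/alice", "/bob": "/srv/bob", "/carol": "/srv/carol"}

def resolve(key):
    """Map one key; "NULL" is the documented prg: reply for 'no match'."""
    return SITES.get(key, "NULL")

def naive_program(chunk):
    # Answers every line it receives, so one lookup can yield several replies.
    return "".join(resolve(line) + "\n" for line in chunk.splitlines())

def hardened_program(chunk):
    # Emits exactly one reply line per lookup; a key with an embedded
    # CR or LF never matches anything.
    key = chunk[:-1] if chunk.endswith("\n") else chunk
    if "\n" in key or "\r" in key:
        return "NULL\n"
    return resolve(key) + "\n"

class MapChannel:
    """Server side of the pipe: write one key, read back exactly one line."""
    def __init__(self, program):
        self.program = program
        self.unread = deque()  # reply lines still sitting in the pipe

    def lookup(self, key):
        self.unread.extend(self.program(key + "\n").splitlines())
        return self.unread.popleft()

def run(program):
    """Replay three constructed lookups; the first key holds a decoded %0A."""
    chan = MapChannel(program)
    return [chan.lookup(k) for k in ("/alice\n/alice", "/bob", "/carol")]

if __name__ == "__main__":
    print("naive:   ", run(naive_program))
    print("hardened:", run(hardened_program))
```

With the naive program every lookup after the first returns the previous requester's result, and the channel stays off by one until the map program is restarted.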

