httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [Bug 61388] unescaped %0A (\n) within a RewriteMap prg: result can show other users requested sites
Date Mon, 07 Aug 2017 17:06:49 GMT

--- Comment #4 from ---
For me, it's no problem any more, since it was easy to fix in the mapping prg,
once i found the cause of the problem (which was rather painful due to millions
accesses to this webserver).

I wanted to report this bug, because i think it is privacy-related. One bad guy
could get access to other users websites just by submitting a %0A URL to a
server running mod_rewrite (and of cause hoping, the rewritemap prg (if one is
used) does not think about limiting its output). And i'm sure, there are many
apaches < 2.4.26 out there.

You are receiving this mail because:
You are the assignee for the bug.
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message