httpd-bugs mailing list archives

From bugzi...@apache.org
Subject [Bug 61388] unescaped %0A (\n) within a RewriteMap prg: result can show other users requested sites
Date Mon, 07 Aug 2017 16:51:30 GMT
https://bz.apache.org/bugzilla/show_bug.cgi?id=61388

Eric Covener <covener@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |NEW

--- Comment #3 from Eric Covener <covener@gmail.com> ---
I'm not sure if the later release would have prevented it.

However, the mapping program must produce line-based output. I think mod_rewrite
discarding multiple lines in the map output is an option, but seeing as how
you're on something 2.4.6-based, it wouldn't be a very good idea to wait for it.

Beyond correcting the mapping program or having mod_rewrite discard unexpected
lines from the rewrite map program, sending the still-encoded request URL would
be another way to stop the map from producing bad output so easily. One way to
do this is to pass it a subset of %{THE_REQUEST}. But I am not sure if before
2.4.26 you may also see malicious CR/LF in %{THE_REQUEST}.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
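
Added example, not part of the original message and not httpd or reporter code: a sketch of "correcting the mapping program" so that a `prg:` RewriteMap helper answers every lookup with exactly one line. The lookup itself (percent-decoding the key into a path under `/sites/`) and all function names are assumptions made for illustration; `NULL` is the value mod_rewrite documents for a failed lookup.

```python
#!/usr/bin/env python3
# Added example: a RewriteMap "prg:" helper that always answers with exactly
# one line per lookup. The lookup (percent-decoding the key into a path under
# /sites/) is a constructed stand-in, not the reporter's program.
import io
import sys
from urllib.parse import unquote

def has_control_chars(text):
    """True if text contains CR, LF or any other ASCII control character."""
    return any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in text)

def naive_reply(key):
    """Unsafe 'before' version: a decoded %0A becomes a second output line."""
    return "/sites/" + unquote(key)

def safe_reply(key):
    """Return a single-line value, or "NULL" if the value cannot be one line."""
    value = "/sites/" + unquote(key)
    return "NULL" if has_control_chars(value) else value

def serve(stdin, stdout, reply=safe_reply):
    """Answer each input line with one reply; flush so httpd is never left waiting."""
    for line in stdin:
        stdout.write(reply(line.rstrip("\r\n")) + "\n")
        stdout.flush()

def replies_for(keys, reply):
    """Run serve() over constructed keys and return the output lines."""
    out = io.StringIO()
    serve(io.StringIO("".join(k + "\n" for k in keys)), out, reply)
    return out.getvalue().splitlines()

if __name__ == "__main__":
    if sys.argv[1:] == ["--demo"]:
        keys = ["alice", "x%0Abob", "carol"]  # constructed sample keys
        print("naive:", replies_for(keys, naive_reply))  # 4 lines for 3 keys
        print("safe: ", replies_for(keys, safe_reply))   # 3 lines for 3 keys
    else:
        serve(sys.stdin, sys.stdout)
```

With the naive reply, three lookups produce four output lines, so every later reader of the shared pipe receives the answer meant for a previous request; the hardened reply keeps lookups and answers one-to-one.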

