httpd-cvs mailing list archives

From f...@locus.apache.org
Subject cvs commit: apache-1.3/src CHANGES
Date Thu, 15 Jun 2000 00:31:41 GMT
fanf        00/06/14 17:31:41

  Modified:    src      CHANGES
  Log:
  If the CGI directory is under the document root and a user makes a
  request for something like http://www.example.com//cgi-bin/foo.cgi
  then they will get the source code for the CGI rather than its output
  without this fix.
  
  Reported by: "Paul Perkins" <paulp@despam.penguinpowered.com>
  in comp.infosystems.www.servers.unix
  <news:960999105.344321@ernani.logica.co.uk>
  
  Revision  Changes    Path
  1.1557    +6 -0      apache-1.3/src/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/CHANGES,v
  retrieving revision 1.1556
  retrieving revision 1.1557
  diff -u -r1.1556 -r1.1557
  --- CHANGES	2000/06/12 21:54:23	1.1556
  +++ CHANGES	2000/06/15 00:31:37	1.1557
  @@ -1,5 +1,11 @@
   Changes with Apache 1.3.13
   
  +  *) Prevent the source code for CGIs from being revealed when using
  +     mod_vhost_alias and the CGI directory is under the document root
  +     and a user makes a request like http://www.example.com//cgi-bin/cgi
  +     as reported in <news:960999105.344321@ernani.logica.co.uk>
  +     [Tony Finch]
  +
     *) Under Win32, The console input mode is fixed to ignore mouse events 
        and always listen for a Ctrl+C interrupt, even if the console window
        defaults to another mode. [William Rowe]
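Review bot: The new entry at the top of the hunk credits only [Tony Finch] and identifies the report by its news message ID alone. The log message names the reporter, Paul Perkins, and the entry should name him too, since a reader of CHANGES cannot easily resolve a Usenet message ID. The entry also ties the problem to mod_vhost_alias, which the log message does not mention, and uses a different example URL (//cgi-bin/cgi where the log has //cgi-bin/foo.cgi). Align the two and state explicitly that the doubled leading slash in the request path is the trigger. This commit modifies only src/CHANGES (+6 -0), so the log should also point to the commit that carries the code change, so the entry can be checked against it.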
  
  
  
